logo_clicknbuy.png

CVE-2025-3805 – Jinja2 Template Handler Local File Injection Vulnerability in Sarrionandia Tournatrack

The following table lists the changes that have been made to the
CVE-2025-3805 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Apr. 19, 2025

    Action Type Old Value New Value
    Added Description A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    Added CVSS V2 (AV:L/AC:L/Au:S/C:P/I:P/A:P)
    Added CWE CWE-74
    Added CWE CWE-707
    Added Reference https://github.com/sarrionandia/tournatrack/issues/86
    Added Reference https://github.com/sarrionandia/tournatrack/issues/86#issue-2982930491
    Added Reference https://vuldb.com/?ctiid.305659
    Added Reference https://vuldb.com/?id.305659
    Added Reference https://vuldb.com/?submit.554781
Share the Post:

Related Posts