CVE-2025-67102

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

17/02/2026

Last modified:

18/02/2026

Description

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter.

Impact

References to Advisories, Solutions, and Tools

https://github.com/bbalet/jorani
https://www.helx.io/blog/advisory-jorani/