A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-13T19:57:47

Updated: 2019-05-13T19:57:47

Reserved: 2019-04-30T00:00:00


Link: CVE-2019-11600

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2019-05-13T20:29:02.697

Modified: 2023-11-07T03:03:03.703


Link: CVE-2019-11600

JSON object: View

cve-icon Redhat Information

No data.

CWE