CVE-2019-11600

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
Configurations

Configuration 1

cpe:2.3:a:openproject:openproject:*:*:*:*:*:*:*:*

Information

Published : 2019-05-13 08:29

Updated : 2019-05-14 01:44


NVD link : CVE-2019-11600

Mitre link : CVE-2019-11600

Products Affected
No products.
CWE