Unrated severity · NVD Advisory · Published May 13, 2019 · Updated Aug 4, 2024
CVE-2019-11600
Description
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
Affected products
- OpenProject/OpenProject (description)
- Range: <8.3.2
References
- packetstormsecurity.com/files/152806/OpenProject-8.3.1-SQL-Injection.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2019/May/7 (mitre, mailing-list, x_refsource_FULLDISC)
- groups.google.com/forum/ (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/May/22 (mitre, mailing-list, x_refsource_BUGTRAQ)
- www.openproject.org/release-notes/openproject-8-3-2/ (mitre, x_refsource_CONFIRM)