CVE-2020-11942
Description
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Open-AudIT 3.2.2 is vulnerable to multiple SQL injection attacks, allowing unauthenticated database access.
Vulnerability
Multiple SQL injection vulnerabilities exist in Open-AudIT version 3.2.2 [1]. The flaws are present in various endpoints, allowing injection of arbitrary SQL queries without requiring prior authentication. The vulnerabilities are addressed in version 3.3.0 [1].
Exploitation
An attacker can exploit these vulnerabilities over the network without authentication. By crafting malicious input in HTTP request parameters, the attacker can inject SQL commands that are executed by the backend database. No user interaction or special privileges are needed.
Impact
Successful exploitation allows an attacker to execute arbitrary SQL queries against the Open-AudIT database. This can lead to disclosure of sensitive information such as device credentials, configuration data, and user accounts. In some configurations, it may also enable data modification or deletion.
Mitigation
Open-AudIT version 3.3.0, released on or around the publication date, contains fixes for these issues [1]. Users should update to version 3.3.0 or later. No workarounds are documented in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Open-AudIT/Open-AudIT
- Range: =3.2.2
Patches
No patches discovered yet.
References
- community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0 (mitre, x_refsource_MISC)
- www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities (mitre, x_refsource_MISC)