A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2019-05-13T19:57:47
Updated: 2024-08-04T22:55:41.165Z
Reserved: 2019-04-30T00:00:00
Link: CVE-2019-11600

No data.

Status : Modified
Published: 2019-05-13T20:29:02.697
Modified: 2024-11-21T04:21:25.490
Link: CVE-2019-11600

No data.