Published: 13/05/2019 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A SQL injection vulnerability in the activities API in OpenProject prior to 8.3.2 allows a remote malicious user to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openproject openproject

SEC Consult Vulnerability Lab Security Advisory < 20190510-0 > ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 500 - 831 fixed version: 832 & 900 CVE number: CVE-2019-11600 ...

OpenProject versions 500 through 831 suffer from a remote SQL injection vulnerability ...

[ Web XPL ] :: [ CP 1 - Pesquisa Vulns Web & Hacker101 CTF ]

CTF: Micro-CMS v2, Moderate Nota-se uma aplicação web que cria páginas Aparentemente algumas vulnerabilidades que existiam no antigo sistema foram corrigidas, e um novo sistema de autenticação foi implementado Por meio da leitura de todas as páginas, não foi possível encontrar nada Acessar páginas que poderiam es

CWE-89 https://www.openproject.org/release-notes/openproject-8-3-2/https://seclists.org/bugtraq/2019/May/22 http://seclists.org/fulldisclosure/2019/May/7 http://packetstormsecurity.com/files/152806/OpenProject-8.3.1-SQL-Injection.html https://groups.google.com/forum/#%21msg/openproject-security/XlucAJMxmzM/hESpOaFVAwAJ https://nvd.nist.gov https://github.com/arakakivl/xpl_cp1 https://www.exploit-db.com/exploits/46838

CVE-2019-11600

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect