A SQL injection vulnerability in the activities API in OpenProject prior to 8.3.2 allows a remote malicious user to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openproject openproject |