Security Advisory

CVE-2019-11600

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-05-13 19:57:47

Last updated 2024-08-04 22:55:41

Assigner mitre

State PUBLISHED

Description

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.

← Browse all CVEs View on cve.org ↗