2019-05-13 22:29:02 2019-05-14 15:44:25

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Openproject Openproject 5.0.0 (not an official CPE) Openproject Openproject 5.0.1 (not an official CPE) Openproject Openproject 5.0.2 (not an official CPE) Openproject Openproject 5.0.3 (not an official CPE) Openproject Openproject 5.0.4 (not an official CPE) Openproject Openproject 5.0.5 (not an official CPE) Openproject Openproject 5.0.6 (not an official CPE) Openproject Openproject 5.0.7 (not an official CPE) Openproject Openproject 5.0.8 (not an official CPE) Openproject Openproject 5.0.9 (not an official CPE) Openproject Openproject 5.0.10 (not an official CPE) Openproject Openproject 5.0.11 (not an official CPE) Openproject Openproject 5.0.12 (not an official CPE) Openproject Openproject 5.0.13 (not an official CPE) Openproject Openproject 5.0.14 (not an official CPE) Openproject Openproject 5.0.15 (not an official CPE) Openproject Openproject 5.0.16 (not an official CPE) Openproject Openproject 5.0.17 (not an official CPE) Openproject Openproject 5.0.18 (not an official CPE) Openproject Openproject 5.0.19 (not an official CPE) Openproject Openproject 5.0.20 (not an official CPE) Openproject Openproject 6.0.0 (not an official CPE) Openproject Openproject 6.0.1 (not an official CPE) Openproject Openproject 6.0.2 (not an official CPE) Openproject Openproject 6.0.3 (not an official CPE) Openproject Openproject 6.0.4 (not an official CPE) Openproject Openproject 6.0.5 (not an official CPE) Openproject Openproject 6.1.0 (not an official CPE) Openproject Openproject 6.1.1 (not an official CPE) Openproject Openproject 6.1.2 (not an official CPE) Openproject Openproject 6.1.3 (not an official CPE) Openproject Openproject 6.1.4 (not an official CPE) Openproject Openproject 6.1.5 (not an official CPE) Openproject Openproject 6.1.6 (not an official CPE) Openproject Openproject 7.0.0 (not an official CPE) Openproject Openproject 7.0.1 (not an official CPE) Openproject Openproject 7.0.2 (not an official CPE) Openproject Openproject 7.0.3 (not an official CPE) Openproject Openproject 7.1.0 (not an official CPE) Openproject Openproject 7.2.0 (not an official CPE) Openproject Openproject 7.2.1 (not an official CPE) Openproject Openproject 7.2.2 (not an official CPE) Openproject Openproject 7.2.3 (not an official CPE) Openproject Openproject 7.3.0 (not an official CPE) Openproject Openproject 7.3.1 (not an official CPE) Openproject Openproject 7.3.2 (not an official CPE) Openproject Openproject 7.4.0 (not an official CPE) Openproject Openproject 7.4.1 (not an official CPE) Openproject Openproject 7.4.2 (not an official CPE) Openproject Openproject 7.4.3 (not an official CPE) Openproject Openproject 7.4.4 (not an official CPE) Openproject Openproject 7.4.5 (not an official CPE) Openproject Openproject 7.4.6 (not an official CPE) Openproject Openproject 7.4.7 (not an official CPE) Openproject Openproject 8.0 (not an official CPE) Openproject Openproject 8.0.1 (not an official CPE) Openproject Openproject 8.0.2 (not an official CPE) Openproject Openproject 8.1.0 (not an official CPE) Openproject Openproject 8.2.0 (not an official CPE) Openproject Openproject 8.2.1 (not an official CPE) Openproject Openproject 8.3.0 (not an official CPE) Openproject Openproject 8.3.1 (not an official CPE)