CVE-2019-11600

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11600

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11600.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11600

Published

2019-05-13T20:29:02.697Z

Modified

2026-04-10T04:11:54.448592Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.

References

Affected packages

Git / github.com/opf/openproject

Affected ranges

Type

GIT

Repo

https://github.com/opf/openproject

Events

Introduced

95f5d4c469e11d37289953a5c94a54ed0d52ca0e

Fixed

34b9eac06fb3b02dc111728c2da14a4beb4178c1

Database specific

{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "8.3.2"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11600.json"