SQL Injection Vulnerability in OpenProject Activities API

SQL Injection Vulnerability in OpenProject Activities API

CVE-2019-11600 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.