CVE-2017-7681 org.apache.openmeetings:openmeetings-parent

Package

Manager: maven
Name: org.apache.openmeetings:openmeetings-parent
Vulnerable Version: >=1.0.0 <3.3.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00097 (percentile: 0.27853)

Details

Apache OpenMeetings vulnerable to SQL injection

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. The issue is fixed in version 3.3.0.

Metadata

Created: 2022-05-17T02:28:11Z
Modified: 2022-11-22T18:57:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-335g-xcjh-ghc2/GHSA-335g-xcjh-ghc2.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-335g-xcjh-ghc2
Finding: F297
Auto approve: 1