What is CVE-2019-11600?

CVE-2019-11600 is a vulnerability in N/a. Published 2019-05-13.

Is CVE-2019-11600 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-11600

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not t…

EPSS: 0.773 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

20190510 SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject (mailing-list, x_refsource_FULLDISC)
20190510 SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject (mailing-list, x_refsource_BUGTRAQ)
packetstormsecurity.com/files/152806/OpenProject-8.3.1-SQL-Injection.html (x_refsource_MISC)
www.openproject.org/release-notes/openproject-8-3-2/ (x_refsource_CONFIRM)
groups.google.com/forum/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-11600?: CVE-2019-11600 is a vulnerability in N/a. Published 2019-05-13.
Is CVE-2019-11600 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.