Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Remediation

References

http://markmail.org/message/j774dp5ro5xmkmg6

Related Vulnerabilities

CVE-2024-36401 Vulnerability in maven package org.geoserver:gs-wms

CVE-2019-15602 Vulnerability in npm package fileview

CVE-2021-23358 Vulnerability in npm package underscore

CVE-2023-3432 Vulnerability in maven package net.sourceforge.plantuml:plantuml

CVE-2020-26217 Vulnerability in maven package com.thoughtworks.xstream:xstream

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory