Juniper Networks

Signature Detail

Short Name: HTTP:SQL:OPF-OPENPROJECT-SQLI
Severity: Major
Recommended: No
Category: HTTP
Keywords: OPF OpenProject Activities API SQL Injection
Release Date: 2019/06/20
Update Number: 3182
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: OPF OpenProject Activities API SQL Injection


This signature detects attempts to exploit a known vulnerability in the OpenProject Activities API. A successful attack can result in SQL injection.

Extended Description

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.

Affected Products

  • Openproject openproject 5.0.0
  • Openproject openproject 5.0.1
  • Openproject openproject 5.0.10
  • Openproject openproject 5.0.11
  • Openproject openproject 5.0.12
  • Openproject openproject 5.0.13
  • Openproject openproject 5.0.14
  • Openproject openproject 5.0.15
  • Openproject openproject 5.0.16
  • Openproject openproject 5.0.17
  • Openproject openproject 5.0.18
  • Openproject openproject 5.0.19
  • Openproject openproject 5.0.2
  • Openproject openproject 5.0.20
  • Openproject openproject 5.0.3
  • Openproject openproject 5.0.4
  • Openproject openproject 5.0.5
  • Openproject openproject 5.0.6
  • Openproject openproject 5.0.7
  • Openproject openproject 5.0.8
  • Openproject openproject 5.0.9
  • Openproject openproject 6.0.0
  • Openproject openproject 6.0.1
  • Openproject openproject 6.0.2
  • Openproject openproject 6.0.3
  • Openproject openproject 6.0.4
  • Openproject openproject 6.0.5
  • Openproject openproject 6.1.0
  • Openproject openproject 6.1.1
  • Openproject openproject 6.1.2
  • Openproject openproject 6.1.3
  • Openproject openproject 6.1.4
  • Openproject openproject 6.1.5
  • Openproject openproject 6.1.6
  • Openproject openproject 7.0.0
  • Openproject openproject 7.0.1
  • Openproject openproject 7.0.2
  • Openproject openproject 7.0.3
  • Openproject openproject 7.1.0
  • Openproject openproject 7.2.0
  • Openproject openproject 7.2.1
  • Openproject openproject 7.2.2
  • Openproject openproject 7.2.3
  • Openproject openproject 7.3.0
  • Openproject openproject 7.3.1
  • Openproject openproject 7.3.2
  • Openproject openproject 7.4.0
  • Openproject openproject 7.4.1
  • Openproject openproject 7.4.2
  • Openproject openproject 7.4.3
  • Openproject openproject 7.4.4
  • Openproject openproject 7.4.5
  • Openproject openproject 7.4.6
  • Openproject openproject 7.4.7
  • Openproject openproject 8.0
  • Openproject openproject 8.0.1
  • Openproject openproject 8.0.2
  • Openproject openproject 8.1.0
  • Openproject openproject 8.2.0
  • Openproject openproject 8.2.1
  • Openproject openproject 8.3.0
  • Openproject openproject 8.3.1

References

  • CVE: CVE-2019-11600
  • URL: https://www.openproject.org/release-notes/openproject-8-3-2/
