Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Remediation

References

http://markmail.org/message/j774dp5ro5xmkmg6

Related Vulnerabilities

CVE-2022-23944 Vulnerability in maven package org.apache.shenyu:shenyu-common

CVE-2021-32859 Vulnerability in npm package baremetrics-calendar

CVE-2020-2168 Vulnerability in maven package org.jenkins-ci.plugins:azure-acs

CVE-2023-50771 Vulnerability in maven package org.jenkins-ci.plugins:oic-auth

CVE-2020-1926 Vulnerability in maven package org.apache.hive:hive-service

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory