Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Remediation

References

http://markmail.org/message/j774dp5ro5xmkmg6

Related Vulnerabilities

CVE-2023-23936 Vulnerability in npm package undici

CVE-2022-31147 Vulnerability in maven package org.webjars.bower:jquery-validation

CVE-2021-27905 Vulnerability in maven package org.apache.solr:solr-core

CVE-2021-32620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2021-24122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory