Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Remediation

References

http://markmail.org/message/j774dp5ro5xmkmg6

Related Vulnerabilities

CVE-2019-12814 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2019-11002 Vulnerability in npm package materialize-css

CVE-2019-1003031 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project

CVE-2022-41946 Vulnerability in maven package org.postgresql:postgresql

CVE-2020-2204 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory