HTTP: OPF OpenProject Activities API SQL Injection

This signature detects attempts to exploit a known vulnerability in the OpenProject Activities API. A successful attack can lead to SQL injection.

Extended Description

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.

Affected Products

Openproject openproject

Short Name
HTTP:SQL:OPF-OPENPROJECT-SQLI
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
API Activities CVE-2019-11600 Injection OPF OpenProject SQL
Release Date
06/20/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Rarely
Vendors

Openproject

CVSS Score

6.8
