CVE-2014-7871 — SQL Injection in Appsuite

CWE-89 — SQL Injection4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 45.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite

Timeline

PublishedNov 21

Latest updateMay 14

Description

SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDopen-xchange/open-xchange_appsuite7.4.2+1

🔴Vulnerability Details

GHSA

GHSA-4w2r-p3vj-jj74: SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7↗2022-05-14

▶

CVEList

CVE-2014-7871: SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7↗2014-11-21

▶