CVE-2017-18888: SQL Injection in Mattermost Mattermost-server

CWE-89: SQL Injection | 5 documents | 4 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 0.4% (top 38.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 19 | Latest update Dec 15

Description

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD | mattermost/mattermost_server | 4.2.0 | 4.2.1 | +2
Go | github.com/mattermost_mattermost-server | 4.2.0-rc1 | 4.2.1 | +5

Vulnerability Details (4)

OSV: Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests in github.com/mattermost/mattermost-server (2025-12-15)
OSV: Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests (2022-05-24)
GHSA: Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests (2022-05-24)
CVEList: CVE-2017-18888: An issue was discovered in Mattermost Server before 4 (2020-06-19)
CVE-2017-18888 — SQL Injection | cvebase