CVE-2017-7681

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGH

EPSS

0.1%

top 73.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Openmeetings Apache Openmeetings

Timeline

PublishedJul 17

Latest updateMay 17

Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.openmeetings:openmeetings-parent1.0.0 — 3.3.0

▶NVDapache/openmeetings21 versions+20

▶CVEListV5apache_software_foundation/apache_openmeetings1.0.0

🔴Vulnerability Details

GHSA

Apache OpenMeetings vulnerable to SQL injection↗2022-05-17

▶

OSV

Apache OpenMeetings vulnerable to SQL injection↗2022-05-17

▶

CVEList

CVE-2017-7681: Apache OpenMeetings 1↗2017-07-14

▶