Intrusion Prevention



This indicates an attack attempt to exploit a SQL Injection Vulnerability in OPF OpenProject.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the Activities API endpoint. Successful exploitation results in the execution of arbitrary SQL code against the underlying database.

Affected Products

OPF OpenProject 5.0.0 - 8.3.1


System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

Recommended Actions

Apply the most recent upgrade or patch from the vendor.!msg/openproject-security/XlucAJMxmzM/hESpOaFVAwAJ

CVE References