CyberSec.Space Logo
Back to CVE Browser

CVE-2017-7681

HIGH
8.8
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile37.40th
PublishedJul 17, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Affected Platforms (CPE)

πŸ“¦
Apache

Openmeetings

= 1.0.0
πŸ“¦
Apache

Openmeetings

= 2.0
πŸ“¦
Apache

Openmeetings

= 2.1
πŸ“¦
Apache

Openmeetings

= 2.1.1
πŸ“¦
Apache

Openmeetings

= 2.2.0
πŸ“¦
Apache

Openmeetings

= 3.0.0
πŸ“¦
Apache

Openmeetings

= 3.0.1
πŸ“¦
Apache

Openmeetings

= 3.0.2
πŸ“¦
Apache

Openmeetings

= 3.0.3
πŸ“¦
Apache

Openmeetings

= 3.0.4
πŸ“¦
Apache

Openmeetings

= 3.0.5
πŸ“¦
Apache

Openmeetings

= 3.0.6
πŸ“¦
Apache

Openmeetings

= 3.0.7
πŸ“¦
Apache

Openmeetings

= 3.1.0
πŸ“¦
Apache

Openmeetings

= 3.1.1
πŸ“¦
Apache

Openmeetings

= 3.1.2
πŸ“¦
Apache

Openmeetings

= 3.1.3
πŸ“¦
Apache

Openmeetings

= 3.1.4
πŸ“¦
Apache

Openmeetings

= 3.1.5
πŸ“¦
Apache

Openmeetings

= 3.2.0
πŸ“¦
Apache

Openmeetings

= 3.2.1

References & Advisories

πŸ”— http://markmail.org/message/j774dp5ro5xmkmg6
πŸ”— http://markmail.org/message/j774dp5ro5xmkmg6

Related Vulnerabilities

CVE-2017-766410.0

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CVE-2016-87369.8

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.

CVE-2017-76739.8

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dial...

CVE-2017-76668.8

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based a...