CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-7681

HIGH
8.8
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile37.40th
Published2017年7月17日
Last Modified2026年5月13日

Vulnerability Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Affected Platforms (CPE)

📦
Apache

Openmeetings

= 1.0.0
📦
Apache

Openmeetings

= 2.0
📦
Apache

Openmeetings

= 2.1
📦
Apache

Openmeetings

= 2.1.1
📦
Apache

Openmeetings

= 2.2.0
📦
Apache

Openmeetings

= 3.0.0
📦
Apache

Openmeetings

= 3.0.1
📦
Apache

Openmeetings

= 3.0.2
📦
Apache

Openmeetings

= 3.0.3
📦
Apache

Openmeetings

= 3.0.4
📦
Apache

Openmeetings

= 3.0.5
📦
Apache

Openmeetings

= 3.0.6
📦
Apache

Openmeetings

= 3.0.7
📦
Apache

Openmeetings

= 3.1.0
📦
Apache

Openmeetings

= 3.1.1
📦
Apache

Openmeetings

= 3.1.2
📦
Apache

Openmeetings

= 3.1.3
📦
Apache

Openmeetings

= 3.1.4
📦
Apache

Openmeetings

= 3.1.5
📦
Apache

Openmeetings

= 3.2.0
📦
Apache

Openmeetings

= 3.2.1

References & Advisories

🔗 http://markmail.org/message/j774dp5ro5xmkmg6
🔗 http://markmail.org/message/j774dp5ro5xmkmg6

関連する脆弱性情報

CVE-2017-766410.0

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CVE-2016-87369.8

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.

CVE-2017-76739.8

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dial...

CVE-2017-76668.8

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based a...