OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to request historic work-package attributes using the timestamps parameter. This vulnerability is fixed in 17.3.3 and 17.4.1.
Metrics
Affected Vendors & Products
References
History
Mon, 29 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 26 Jun 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Opf
Opf openproject |
|
| Vendors & Products |
Opf
Opf openproject |
Fri, 26 Jun 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to request historic work-package attributes using the timestamps parameter. This vulnerability is fixed in 17.3.3 and 17.4.1. | |
| Title | OpenProject: SQL injection in timestamps functionality | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-26T18:54:03.858Z
Updated: 2026-06-29T15:20:26.732Z
Reserved: 2026-06-08T17:13:43.066Z
Link: CVE-2026-52785
Updated: 2026-06-29T15:00:35.577Z
No data.
No data.