The provided vulnerability information lacks concrete technical details about the implementation flaw, such as code snippets, patch diffs, or specific endpoint or class references. While the CWE-89 classification indicates SQL injection via improper input sanitization, the advisory and NVD entry do not disclose the exact functions or code paths involved. Without access to the pre-patch codebase, commit history, or a detailed technical writeup (e.g., an exploit PoC), identifying specific vulnerable functions with high confidence is not possible. The vulnerability likely stems from user-controlled input being concatenated into SQL queries without parameterization in authenticated endpoints, but the absence of implementation-specific evidence prevents precise function identification.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.openmeetings:openmeetings-parent | maven | >= 1.0.0, < 3.3.0 | 3.3.0 |