CVSS
No CVSS.
O
penReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /{projectId}/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0.
References
Configurations
No configuration.
History
05 Mar 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-05 21:16
Updated : 2026-03-05 21:16
NVD link : CVE-2026-28443
Mitre link : CVE-2026-28443
CVE.ORG link : CVE-2026-28443
JSON object : View
Products Affected
No product.
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')