Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests

GHSA-v2vm-hq26-5jv6 · CVE-2017-18888 · GO-2025-4203

Published May 24, 2022 · Modified Dec 15, 2025

Description

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.

Ready to move

Free, no credit card | First findings in minutes