Sql injection

2016-08-0515:59:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

JSON

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.

CPENameOperatorVersion
dashbuilderle0.5.0
jboss_bpm_suiteeq6.1.2
jboss_bpm_suiteeq6.0.3
jboss_bpm_suiteeq6.0.0
jboss_bpm_suiteeq6.0.1
jboss_bpm_suiteeq6.1
jboss_enterprise_brms_platformeq6.3
jboss_enterprise_brms_platformeq6.1
jboss_enterprise_brms_platformeq6.0.2
jboss_enterprise_brms_platformeq5.3.1

Name	Operator	Version
dashbuilder	le	0.5.0
jboss_bpm_suite	eq	6.1.2
jboss_bpm_suite	eq	6.0.3
jboss_bpm_suite	eq	6.0.0
jboss_bpm_suite	eq	6.0.1
jboss_bpm_suite	eq	6.1
jboss_enterprise_brms_platform	eq	6.3
jboss_enterprise_brms_platform	eq	6.1
jboss_enterprise_brms_platform	eq	6.0.2
jboss_enterprise_brms_platform	eq	5.3.1