2 matches found
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30923
DerbyNet v9.0 and earlier versions are affected by an SQL Injection in the print/render/racer.inc path that allows remote code execution via the where clause in Racer Document Rendering. Root cause is insufficient sanitization of the where parameter, enabling attackers to manipulate SQL queries. ...