10 matches found
CVE-2026-4594
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...
com.github.wjw465150:erupt-dsl (>=1.10.1 <=1.10.15), io.gitee.ank_code:ak-admin-bas (>=0.1 <=0.11) +18 more potentially affected by CVE-2026-4594 via xyz.erupt:erupt-jpa (>=1.10.beta <=1.12.9)
xyz.erupt:erupt-jpa MAVEN version =1.10.beta, =1.10.1, =0.1, =0.1, =0.1, =0.1, =0.1, =1.12.0, =1.12.20, =1.10.13, =1.10.8, =1.12.21, =1.11.7, =1.10.0-beta, =1.10.0-beta, =1.12.23 and more Source cves: CVE-2026-4594 Source advisory: SNYK:JAVA-XYZERUPT-15812216...
SQL Injection: Hibernate
Overview: Affected versions of this package are vulnerable to SQL Injection: Hibernate via the geneEruptHqlOrderBy function. An attacker can execute arbitrary SQL commands by manipulating the sort.field argument remotely. Remediation: Upgrade xyz.erupt:erupt-jpa to version 1.13.1 or higher...
CVE-2026-4594
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...
CVE-2026-4594
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...
CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...
CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...
CVE-2026-4594
The vulnerability CVE-2026-4594 affects the product family erupt (up to version 1.13.3). The issue is in the component erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java, specifically the function geneEruptHqlOrderBy, where manipulation of the sort.field argument leads to a S...
ERUPT Security Vulnerability
ERUPT is a low-code + AI-based framework developed by YuePeng, an individual developer in China. Versions of ERUPT prior to 1.13.3 contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the sort.field parameter in the...
PT-2026-27166
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...