CVE-2024-58352
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
CVE-2025-67280
In TIM BPM Suite/TIM FLOW through 9.1.2, multiple Hibernate Query Language injection vulnerabilities exist that allow a low-privileged user to extract passwords of other users and access sensitive data of another user...
PT-2026-1876
Name of the Vulnerable Software and Affected Versions: TIM BPM Suite/TIM FLOW versions through 9.1.2. Description: The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...
TIM BPM Suite and TIM FLOW Security Vulnerability
TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions 9.1.2 and earlier, which stems from Hibernate query language injection and could lead to information disclosure...
CVE-2025-67280
TIM BPM Suite and TIM FLOW
CVE-2023-26093
Liima before 1.17.28 allows Hibernate Query Language (HQL) injection, related to colToSort in the deployment filter...
Hibernate SQL Injection Vulnerability in Electric Power Safety Supervision Information System
Electric Power Safety Supervision Information System is an electric power safety management system of Guodian Ruichi Vision Information Technology Co. There is a Hibernate SQL injection vulnerability in the power security monitoring system: by entering ' and 1=1, with an arbitrary password, and combining...