3 matches found
CVE-2024-30928
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...
CVE-2024-30928
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...
PT-2024-23678 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary SQL commands via the classids Parameter in the "ajax/query.slide.next.inc" endpoint. This enables attackers to manipulate database queries, potential...