4 matches found

NVD
added 2016/08/05 3:59 p.m., 31 views

CVE-2016-4999

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...

CVSS 9.8, AI score 9.9, EPSS 0.06972
Exploits: 0, References: 6
Prion
added 2016/08/05 3:59 p.m., 25 views

Sql injection

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...

CVSS 7.5, AI score 8.9, EPSS 0.06972
Exploits: 0, References: 6, Affected Software: 3
CVE
added 2016/08/05 3:0 p.m., 70 views

CVE-2016-4999

CVE-2016-4999 applies to Dashbuilder prior to 0.6.0.Beta1, where a SQL injection flaw exists in getStringParameterSQL (DefaultDialect.java) that can allow remote attackers to execute arbitrary SQL via a data set lookup filter in the Data Set Authoring or Displayer editor UI. Multiple records (NVD...

CVSS 9.8, AI score 9.9, EPSS 0.06972
Exploits: 0, References: 6, Affected Software: 3
RedHat Linux
added 2016/07/14 5:54 p.m., 2 views

Dashbuilder: SQL Injection on data set lookup filters

A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...

CVSS 9.8, AI score 5.8, EPSS 0.06972
Exploits: 0, References: 4