17 matches found
XWiki - HQL Injection
XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...
CVE-2024-58352
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
CVE-2024-58352
Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...
CVE-2025-67280
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...
CVE-2025-67280
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...
CVE-2025-67280
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...
EUVD-2025-35106
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...
CVE-2025-8052
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...
EUVD-2025-32540
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the orderField parameter in the REST API. An attacker can execute arbitrary HQL statements by injecting crafted input, potentially leading to unauthorized data access or manipulation. Remediation Upgrade...
EUVD-2023-29966
Malicious code in bioql PyPI...
The vulnerability of the Hibernate query service implementation in the Kaiten project management system lies in the lack of protective measures for the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Hibernate query service implementation in the Kaiten project management tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of th...
CVE-2023-26093
Liima before 1.17.28 allows Hibernate query language HQL injection, related to colToSort in the deployment filter...
CVE-2023-26093
Liima before 1.17.28 allows Hibernate query language HQL injection, related to colToSort in the deployment filter...
CVE-2023-26093
Liima before 1.17.28 allows Hibernate query language HQL injection, related to colToSort in the deployment filter...
PT-2020-6996 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.3-milestone-2 through 13.10.4 XWiki Platform versions 11.10.6 through 14.3-rc-1 are not needed as they are included in the range above, so the final version is: XWiki Platform versions 6.3-milestone-2 through 13.10.4...
HITB16 issues resolution: Java applications ORM injection the development of new methods-vulnerability warning-the black bar safety net
! “Hack In The Box”conference is in Europe in Amsterdam, organized by the global well-known Security Summit. This year's conference very interesting, one by a security researcher Mikhail Egorov and Sergey Soldatov presented the topic“Java application ORM injection the development of new...