3 matches found
Improper Neutralization of Special Elements Used in a Template Engine
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the getTemplate function. An attacker can execute arbitrary code on the server by injecting malicious FreeMarker templates through the email template editing API...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the listCount function in the TestDefinitionDAO interface when the supportedDataTypeParam parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the listCount function in the WorkflowDAO interface. An attacker can extract sensitive information from the database by manipulating the workflowtype and status parameters to construct malicious SQL queries. Remediatio...