5 matches found
GHSA-4FP2-3XGG-JG4W PowerJob vulnerable to SQL injection
A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the customQuery argument in the detailPlus endpoint. An attacker can execute arbitrary SQL commands by supplying crafted input remotely. Remediation There is no fixed version for tech.powerjob:powerjob-server-starter...
tech.powerjob:powerjob-server-starter (>=4.3.1 <=5.1.1) potentially affected by CVE-2026-5739 via tech.powerjob:powerjob-server-core (>=4.3.1 <=5.1.1)
tech.powerjob:powerjob-server-core MAVEN version =4.3.1, =4.3.1, =5.1.1 Source cves: CVE-2026-5739 Source advisory: SNYK:JAVA-TECHPOWERJOB-15928844...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via multiple APIs in OpenAPIController. An attacker can gain unauthorized access to sensitive information by sending crafted requests to the endpoints. Remediation There is no fixed version for...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the list function in UserInfoController.java. An attacker can access sensitive user information by sending unauthorized requests remotely. Remediation There is no fixed version for...