2 matches found
CVE-2026-28443 OpenReplay: SQL injection in cards/search via unvalidated sort field parameter
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...
CVE-2023-52290
CVE-2023-52290 affects Apache StreamPark’s streampark-console prior to version 2.1.4. The vulnerability arises from unvalidated sort field input used to build SQL queries in list pages (e.g., application pages), enabling SQL injection after an authenticated user logs in. Impact is described as da...