Apache Ranger eventTime parameter SQL injection Vulnerability (CVE-2016-2174)
Description ----------- Apache Ranger =:6080/service/plugins/policies/eventTime ?eventTime=' or '1'='1 &policyId=1 The vulnerable code is located in the org/apache/ranger/db/XXDataHistDao.java file in the findObjByEventTimeClassTypeAndId function: public XXDataHist...