Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. NOTE: some of these details are obtained fro...
8.5AI Score
0.002EPSS
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.
6.5AI Score
0.004EPSS
Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors.
6.7AI Score
0.034EPSS