SQL Injection

2023-01-1209:53:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

salesforce

sql injection

queryspec.cs

vulnerability

software security

EPSS

0.002

Percentile

58.0%

JSON

salesforce.sdk.core is vulnerable to SQL injection. The vulnerability exists in QuerySpec.cs because the user provided inputs for are not properly validated which allows an attacker to inject and execute malicious SQL queries in the system.

References

github.com/advisories/GHSA-r3hc-3x59-gp9x

github.com/forcedotcom/SalesforceMobileSDK-Windows/commit/83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8

github.com/forcedotcom/SalesforceMobileSDK-Windows/releases/tag/v5.0.0

vuldb.com/?ctiid.217619

vuldb.com/?id.217619

EPSS

0.002

Percentile

58.0%

JSON

Related for VERACODE:38855