Описание
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-6433
- http://jira.jboss.com/jira/browse/JBSEAM-2084
- http://osvdb.org/42631
- http://secunia.com/advisories/28077
- http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866
- http://www.redhat.com/support/errata/RHSA-2008-0151.html
- http://www.redhat.com/support/errata/RHSA-2008-0158.html
- http://www.redhat.com/support/errata/RHSA-2008-0213.html
- http://www.securityfocus.com/bid/26850
- http://www.vupen.com/english/advisories/2007/4215
Связанные уязвимости
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
The getRenderedEjbql method in the org.jboss.seam.framework.Query clas ...