1 results (0.001 seconds)
CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 1
CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 1CVE-2016-4999 – Dashbuilder: SQL Injection on data set lookup filters
https://notcve.org/view.php?id=CVE-2016-4999
14 Jul 2016 — SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. Vulnerabilidad de inyección SQL en el método getStringParameterSQL en main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java en Dashbuilder en versiones anteriores a 0.6.0.Beta1 p... • https://github.com/shanika04/dashbuilder • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •