CVE-2016-15012 – forcedotcom SalesforceMobileSDK-Windows QuerySpec.cs ComputeCountSql sql injection

https://notcve.org/view.php?id=CVE-2016-15012

A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. • https://github.com/forcedotcom/SalesforceMobileSDK-Windows/commit/83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8 https://github.com/forcedotcom/SalesforceMobileSDK-Windows/releases/tag/v5.0.0 https://vuldb.com/?ctiid.217619 https://vuldb.com/?id.217619 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •