The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x prior to 2.0.0.CR3 allows remote malicious users to inject and execute arbitrary EJBQL commands via the order parameter.
Vulnerable Product |
---|
jboss seam |
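An order clause cannot be bound as a query parameter, so a request-supplied `order` value has to be validated before it is concatenated into EJBQL. The following is an added example of an allow-list check, not Seam's code and not the change made in 2.0.0.CR3; the class `OrderClauseGuard`, the entity `Person` and the allowed paths are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical helper (not Seam code): validates an order clause before it is appended to EJBQL. */
public final class OrderClauseGuard {
    // One sort key: a dotted identifier path (e.g. "p.name") with an optional direction.
    private static final Pattern SORT_KEY = Pattern.compile(
        "[A-Za-z_][A-Za-z0-9_]*(\\.[A-Za-z_][A-Za-z0-9_]*)*(\\s+(?i:asc|desc))?");

    private final Set<String> allowedPaths;

    public OrderClauseGuard(Set<String> allowedPaths) {
        this.allowedPaths = Set.copyOf(allowedPaths);
    }

    /** Returns a normalized order clause, or throws if a key is malformed or not allow-listed. */
    public String sanitize(String order) {
        if (order == null || order.trim().isEmpty()) {
            return "";
        }
        List<String> keys = new ArrayList<>();
        for (String raw : order.split(",", -1)) {   // -1 keeps empty trailing keys so "p.name," fails
            String key = raw.trim();
            if (!SORT_KEY.matcher(key).matches()) {
                throw new IllegalArgumentException("malformed order key");
            }
            String[] parts = key.split("\\s+");
            if (!allowedPaths.contains(parts[0])) {
                throw new IllegalArgumentException("order key not allowed: " + parts[0]);
            }
            String dir = parts.length == 2 ? parts[1].toLowerCase(Locale.ROOT) : "asc";
            keys.add(parts[0] + " " + dir);
        }
        return String.join(", ", keys);
    }

    public static void main(String[] args) {
        OrderClauseGuard guard = new OrderClauseGuard(Set.of("p.name", "p.owner.name"));
        // Constructed sample inputs: two valid, one malformed, one well-formed but not allow-listed.
        for (String s : new String[] {"p.name desc", "p.owner.name, p.name ASC", "p.name asc; extra", "p.password"}) {
            try {
                System.out.println("select p from Person p order by " + guard.sanitize(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The syntax check alone is not sufficient: the allow-list is what stops a well-formed path such as `p.password` from being used as a sort key.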