SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder prior to 0.6.0.Beta1 allows remote malicious users to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
Vulnerable Product |
---|
redhat dashbuilder |
redhat jboss bpm suite 6.0.0 |
redhat jboss bpm suite 6.0.1 |
redhat jboss bpm suite 6.0.3 |
redhat jboss bpm suite 6.1 |
redhat jboss bpm suite 6.1.2 |
redhat jboss enterprise brms platform 5.0.0 |
redhat jboss enterprise brms platform 5.3.1 |
redhat jboss enterprise brms platform 6.0.0 |
redhat jboss enterprise brms platform 6.0.1 |
redhat jboss enterprise brms platform 6.0.2 |
redhat jboss enterprise brms platform 6.0.3 |
redhat jboss enterprise brms platform 6.1 |
redhat jboss enterprise brms platform 6.3 |