OrientDB up to and including 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote malicious users to execute arbitrary OS commands via a crafted request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orientdb orientdb |