Soumettre #775594: erupts erupt erupt <= 1.13.3 Improper Input Validationinformation

Titreerupts erupt erupt <= 1.13.3 Improper Input Validation
DescriptionErupt contains a HQL (Hibernate Query Language) injection vulnerability in the table query functionality. The sort.field parameter from user requests is directly concatenated into the ORDER BY clause without validation or parameterization, allowing authenticated attackers to inject arbitrary HQL expressions. This enables cross-table data exfiltration through boolean-based blind injection techniques.
La source⚠️ https://fx4tqqfvdw4.feishu.cn/docx/ETWUdbPk1oCC56xoEWHc3Q28nEc?from=from_copylink
Utilisateur
 xcxr (UID 86629)
Soumission09/03/2026 07:50 (il y a 2 mois)
Modérer22/03/2026 12:59 (13 days later)
StatutAccepté
Entrée VulDB352431 [erupts erupt jusqu’à 1.13.3 EruptJpaUtils.java geneEruptHqlOrderBy sort.field injection SQL]
Points20

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!