जमा करें #786727: PowerJob 5.1.0/5.1.1/5.1.2 SQL Injectionजानकारी

शीर्षकPowerJob 5.1.0/5.1.1/5.1.2 SQL Injection
विवरणA critical vulnerability was found in PowerJob v5.1.0 through v5.1.2. The /instance/detailPlus endpoint in InstanceController.java lacks the @ApiPermission annotation, allowing unauthenticated access. The customQuery parameter is concatenated directly into SQL queries without proper sanitization. The existing keyword blacklist does not include H2 database-specific commands such as RUNSCRIPT and CALL. This allows an unauthenticated attacker to execute arbitrary code on the server via H2 SQL injection. The attack can be initiated remotely without any authentication. A patch has been submitted (PR #1166).
स्रोत⚠️ https://github.com/PowerJob/PowerJob/issues/1167
उपयोगकर्ता
 anch0r (UID 96691)
सबमिशन24/03/2026 04:50 AM (4 महीनों पहले)
संयम07/04/2026 03:31 PM (14 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि355746 [PowerJob 5.1.0/5.1.1/5.1.2 detailPlus Endpoint InstanceController.java customQuery SQL इंजेक्शन]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!