| शीर्षक | Oinone Oinone Pamirs 7.2.0 Interface SQL Injection |
|---|
| विवरण | Oinone AI Low-Code Development Framework is a 100% metadata-driven framework. It offers enterprise-grade capabilities like permissions, internationalization, resources, messaging, data auditing, and distributed scalability out of the box.
In the Oinone Pamirs 7.2.0 framework, the queryListByWrapper interface of AppConfig contains an unauthenticated RSQL injection vulnerability. The underlying RSQLToSQLNodeConnector.makeVariable directly concatenates single quotes (return "'" + obj + "'") when processing strings without proper escaping. Attackers can leverage RSQL's double-quote ("") syntax to escape the string boundary and inject malicious SQL fragments. These fragments are then passed to the parser, resulting in a successful SQL injection. |
|---|
| स्रोत | ⚠️ https://github.com/SourByte05/SourByte-Lab/issues/12 |
|---|
| उपयोगकर्ता | sourbyte (UID 94279) |
|---|
| सबमिशन | 22/04/2026 10:20 AM (2 महीनों पहले) |
|---|
| संयम | 16/05/2026 12:30 PM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 364322 [Oinone Pamirs तक 7.2.0 queryListByWrapper Interface RSQLToSQLNodeConnector.makeVariable SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|