Submit #590149: ESAPI esapi-java-legacy 2.6.2.0 SQL injection filtering bypass1

Title: ESAPI esapi-java-legacy 2.6.2.0 SQL injection filtering bypass1
Description: When using Oracle's codec OracleCodec and the ESAPI library for encoding in ESAPI 2.6.2.0 components, SQL injection can be bypassed. Attackers can exploit this vulnerability to bypass SQL injection and launch SQL injection attacks.
Source: https://github.com/uglory-gll/javasec/blob/main/ESAPI.md
User: uglory (UID 82151)
Submission: 06/04/2025 15:22 (10 months ago)
Moderation: 06/28/2025 09:15 (24 days later)
Status: Accepted
VulDB entry: 314321 [ESAPI esapi-java-legacy up to 2.6.2.0 SQL Injection Defense Encoder.encodeForSQL special element]
Points: 16
