Submit #590150: ESAPI esapi-java-legacy 2.6.2.0 SQL injection filtering bypass2

Title: ESAPI esapi-java-legacy 2.6.2.0 SQL injection filtering bypass2
Description: When using MySQL codec's ANSI mode and ESAPI library for encoding in ESAPI 2.6.2.0 components, SQL injection defense can be bypassed. Attackers can exploit this vulnerability to bypass SQL injection defense and launch SQL injection attacks.
Source: https://github.com/uglory-gll/javasec/blob/main/ESAPI.md
User: uglory (UID 82151)
Submission: 06/04/2025 15:23 (10 months ago)
Moderation: 06/28/2025 09:15 (24 days later)
Status: Duplicate
VulDB entry: 314321 [ESAPI esapi-java-legacy up to 2.6.2.0 SQL Injection Defense Encoder.encodeForSQL special element]
Points: 0
