Submit #775594: erupts erupt erupt <= 1.13.3 Improper Input Validationinfo

Titleerupts erupt erupt <= 1.13.3 Improper Input Validation
DescriptionErupt contains a HQL (Hibernate Query Language) injection vulnerability in the table query functionality. The sort.field parameter from user requests is directly concatenated into the ORDER BY clause without validation or parameterization, allowing authenticated attackers to inject arbitrary HQL expressions. This enables cross-table data exfiltration through boolean-based blind injection techniques.
Source⚠️ https://fx4tqqfvdw4.feishu.cn/docx/ETWUdbPk1oCC56xoEWHc3Q28nEc?from=from_copylink
User
 xcxr (UID 86629)
Submission03/09/2026 07:50 (1 month ago)
Moderation03/22/2026 12:59 (13 days later)
StatusAccepted
VulDB entry352431 [erupts erupt up to 1.13.3 EruptJpaUtils.java geneEruptHqlOrderBy sort.field sql injection]
Points20

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!