| Title | ESAPI esapi-java-legacy 2.6.2.0 SQL injection filtering bypass1 |
|---|---|
| Description | When using Oracle's codec OracleCodec and ESAPI library for encoding in ESAPI 2.6.2.0 components, SQL injection can be bypassed. Attackers can exploit this vulnerability to bypass SQL injection and launch SQL injection attacks. |
| Source | https://github.com/uglory-gll/javasec/blob/main/ESAPI.md |
| User | uglory (UID 82151) |
| Submission | 2025-06-04 15:22 (10 months ago) |
| Moderation | 2025-06-28 09:15 (24 days later) |
| Status | Accepted |
| VulDB Entry | 314321 [ESAPI esapi-java-legacy up to 2.6.2.0 SQL Injection Defense Encoder.encodeForSQL remote code execution] |
| Points | 16 |