CVE-2018-25075

A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376.
References
Link Resource
https://vuldb.com/?ctiid.218376 Permissions Required Third Party Advisory
https://github.com/karsany/obridge/releases/tag/v1.4 Release Notes Third Party Advisory
https://vuldb.com/?id.218376 Third Party Advisory
https://github.com/karsany/obridge/commit/52eca4ad05f3c292aed3178b2f58977686ffa376 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:obridge_project:obridge:*:*:*:*:*:*:*:*

Information

Published : 2023-01-15 08:15

Updated : 2023-01-24 06:35


NVD link : CVE-2018-25075

Mitre link : CVE-2018-25075

Products Affected
No products.
CWE