CVE-2007-6433 Vulnerability in maven package org.jboss.seam:jboss-seam

Description

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

Remediation

References

http://jira.jboss.com/jira/browse/JBSEAM-2084

http://osvdb.org/42631

http://secunia.com/advisories/28077

http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866

http://www.redhat.com/support/errata/RHSA-2008-0151.html

http://www.redhat.com/support/errata/RHSA-2008-0158.html

http://www.redhat.com/support/errata/RHSA-2008-0213.html

http://www.securityfocus.com/bid/26850

http://www.vupen.com/english/advisories/2007/4215

Related Vulnerabilities

CVE-2018-1000023 Vulnerability in npm package insight-api

CVE-2023-45135 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war

CVE-2024-36401 Vulnerability in maven package org.geoserver.web:gs-web-app

CVE-2023-25653 Vulnerability in maven package org.webjars.npm:node-jose

CVE-2020-36049 Vulnerability in maven package org.webjars.npm:socket.io-parser

Severity

Critical

Classification

CWE-20