The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
References
Configurations
History
No history.
Information
Published : 2007-12-18 20:46
Updated : 2024-02-04 17:13
NVD link : CVE-2007-6433
Mitre link : CVE-2007-6433
CVE.ORG link : CVE-2007-6433
JSON object : View
Products Affected
jboss
- seam
CWE
CWE-20
Improper Input Validation