CVE-2022-4963 | Folio Spring Module Core up to 1.1.5 Schema Name HibernateSchemaService.java dropSchema sql injection (FOLIO-3645)

A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection.

This vulnerability is handled as CVE-2022-4963. The attack needs to be approached within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2022-4963 | Folio Spring Module Core up to 1.1.5 Schema Name HibernateSchemaService.java dropSchema sql injection (FOLIO-3645)

Post correlati

CVE-2021-46902 | Meinberg LANTIME prior 6.24.029 MBGID-9343/7.04.008 MBGID-6303 LTOS-Web-Interface access control

CVE-2024-8413 | RaspControl 1.0 index.php action cross site scripting

CVE-2024-30953 | Htmly 2.9.5 Menu Editor Module Link Name cross site scripting

CVE-2023-49431 | Tenda AX9 22.03.01.46 /goform/SetOnlineDevName mac command injection