CVE-2022-4963 | Folio Spring Module Core up to 1.1.5 Schema Name HibernateSchemaService.java dropSchema sql injection (FOLIO-3645)

A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection.

This vulnerability is handled as CVE-2022-4963. The attack needs to be approached within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2022-4963 | Folio Spring Module Core up to 1.1.5 Schema Name HibernateSchemaService.java dropSchema sql injection (FOLIO-3645)

Post correlati

CVE-2024-4154 | lunary-ai lunary PATCH Request incorrect synchronization

CVE-2024-34139 | Adobe Bridge up to 14.0.4/13.0.7/14.1 integer overflow (apsb24-51)

CVE-2024-29927 | HasTheme WishSuite Plugin up to 1.3.7 on WordPress cross site scripting

CVE-2024-34230 | SourceCodester Laboratory Management System 1.0 System Information cross site scripting