Vulnerability Details CVE-2007-6433
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://jira.jboss.com/jira/browse/JBSEAM-2084
- http://osvdb.org/42631
- http://secunia.com/advisories/28077
- http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866
- http://www.redhat.com/support/errata/RHSA-2008-0151.html
- http://www.redhat.com/support/errata/RHSA-2008-0158.html
- http://www.redhat.com/support/errata/RHSA-2008-0213.html
- http://www.securityfocus.com/bid/26850
- http://www.vupen.com/english/advisories/2007/4215
- http://jira.jboss.com/jira/browse/JBSEAM-2084
- http://osvdb.org/42631
- http://secunia.com/advisories/28077
- http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866
- http://www.redhat.com/support/errata/RHSA-2008-0151.html
- http://www.redhat.com/support/errata/RHSA-2008-0158.html
- http://www.redhat.com/support/errata/RHSA-2008-0213.html
- http://www.securityfocus.com/bid/26850
- http://www.vupen.com/english/advisories/2007/4215