SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering
The vulnerability occurs in the racer document rendering mechanism, where the application does not properly validate input data passed in the WHERE clause of an SQL query. An attacker can craft a malicious network request containing a properly constructed SQL payload that will be executed directly by the database engine. By abusing database mechanisms, it is possible to further execute arbitrary code (RCE) on the vulnerable system.
An attacker can gain full control over the application's database, and consequently execute arbitrary code on the server, leading to compromise of confidentiality, integrity, and availability of the entire system.
Patches available from the vendor should be applied according to the references. As additional remedial measures, it is recommended to restrict access to the application only to trusted networks and to apply WAF rules blocking SQL Injection attempts.
DerbyNet in version 9.0 and all earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDerbynet
APPDerbynet≤ 9.0
Related vulnerabilities
SQL Injection w DerbyNet v9.0 — zdalne wykonanie kodu przez klauzulę WHERE
Path Traversal z RCE w DerbyNet v.9.0 — komponent kiosk.php
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary co...
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via ...
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via t...