Home > Vulnerability Database > CVE-2023-30465

Mend.io Vulnerability Database

CVE-2023-30465

Good to know:

Date: April 11, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the "user" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 https://github.com/apache/inlong/issues/7529

Language: Java

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30465

Url: http://www.openwall.com/lists/oss-security/2023/04/11/2

Url: https://lists.apache.org/thread/mrh4nr3jrlbj6nxkn4q8hddbfh1pnok0

Url: https://www.mend.io/vulnerability-database/CVE-2023-30465

Severity Score

6.5

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version org.apache.inlong:manager-pojo:1.6.0, org.apache.inlong:manager-service:1.6.0

Learn More

CVSS v3

Base Score:	6.5
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30465

Good to know:

Date: April 11, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

Do you need more information?