Read Time:20 Second
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30922
Description:
A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the ‘where’ clause in
Award Document Rendering through the component `print/render/award.inc`. This vulnerability allows remote attackers to
execute arbitrary code and disclose sensitive information without requiring authentication.
Vulnerability Type: SQL Injection
Vendor of Product: DerbyNet -…