Read Time:21 Second
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30923
Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the
`print/render/racer.inc` component. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting improper sanitization of the `where` clause in Racer Document Rendering.
Vulnerability Type: SQL Injection
Vendor of Product: DerbyNet – Available on…