The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
Max CVSS
7.5
EPSS Score
1.62%
Published
2007-12-18
Updated
2011-03-08
1 vulnerabilities found