CVE-2025-5878 · Esapi
Name of the Vulnerable Software and Affected Versions:
ESAPI esapi-java-legacy versions prior to 2.7.0.0
Description:
A vulnerability was found in the `Encoder.encodeForSQL` interface of the SQL Injection Defense component: special elements in the input are improperly neutralized, so a string passed through the encoder and embedded in a query may still be interpreted as SQL. The attack may be initiated remotely. The project handled the issue professionally after being contacted.
Recommendations:
For versions prior to 2.7.0.0, upgrade to version 2.7.0.0 to address this issue. As a temporary workaround, consider disabling use of the `Encoder.encodeForSQL` interface (i.e. not building query text from its output) until the update is applied.
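What "not building query text from the encoder's output" looks like in application code, as an added example that is not part of this advisory or of the ESAPI project: the query is parameterised through JDBC so user input is bound as data and the affected encoder is no longer on the query path. The `Connection`, the `users` table and its `id`/`name` columns are constructed assumptions for the example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not advisory or ESAPI project code): a lookup that does not
 * depend on Encoder.encodeForSQL. The SQL text is a constant and the value is
 * handed to the driver as a bound parameter.
 *
 * Assumptions (constructed): an open JDBC Connection to a database with a
 * table "users" that has columns "id" (integer) and "name" (text).
 */
public final class UserLookup {

    // Pattern being replaced while the workaround is in place (shown only for
    // contrast): query text assembled around the encoder's output.
    //
    //   String sql = "SELECT id, name FROM users WHERE name = '"
    //       + ESAPI.encoder().encodeForSQL(new MySQLCodec(MySQLCodec.Mode.STANDARD), name)
    //       + "'";
    //   ResultSet rs = conn.createStatement().executeQuery(sql);

    /** Returns "id:name" for every user whose name exactly matches {@code name}. */
    public static List<String> findUsersByName(Connection conn, String name) throws SQLException {
        // Constant SQL: no user-controlled text is ever concatenated into it.
        final String sql = "SELECT id, name FROM users WHERE name = ?";
        List<String> results = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name); // bound as data; quotes and comment markers are inert
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    results.add(rs.getLong("id") + ":" + rs.getString("name"));
                }
            }
        }
        return results;
    }

    private UserLookup() {
    }
}
```

Parameters can only bind values. Where input has to select an identifier (a table, a column in `ORDER BY`), map it through a fixed allowlist in code rather than encoding it into the query text.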