CVE-2007-2759

Name of the Vulnerable Software and Affected Versions Adempiere versions prior to 3.1.6

Description The issue concerns SQL injection vulnerabilities in the insert function of the ValuePreference class. These vulnerabilities allow remote attackers to execute arbitrary SQL commands by manipulating the m Attribute or m Value parameters.

Recommendations For versions prior to 3.1.6, update to version 3.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the insert function in the ValuePreference class to minimize the risk of exploitation. Avoid using the m Attribute and m Value parameters in the affected function until the issue is resolved.