PT-2023-10331 · Salesforce · Salesforcemobilesdk-Windows
Published: 2023-01-07 · Updated: 2024-08-06
CVE-2016-15012
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SalesforceMobileSDK-Windows versions up to 4.x
Description
A critical issue affects the function ComputeCountSql in the file SalesforceSDK/SmartStore/Store/QuerySpec.cs, leading to SQL injection. This issue only affects products that are no longer supported by the maintainer.
Recommendations
For versions up to 4.x, upgrade to version 5.0.0 to address this issue. As a temporary workaround, consider restricting the use of the ComputeCountSql function until the upgrade is applied.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Salesforcemobilesdk-Windows