Site icon API Security Blog

SQL Injection

org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the `deleteRole` function in `RoleStore.java` allows a malicious user to inject and execute arbitrary SQL queries on the target system, when the API interface `/auth/v1/roles/` is used.Read More

Exit mobile version