Centralized-Salesforce-Dev-Framework SOQL SObjectService.cls SObjectService injection
CVE-2016-15007

5.5MEDIUM

Key Information:

Vendor

Centralized Salesforce Development Framework Project

Status
Centralized-salesforce-dev-framework
Vendor
CVE Published:
2 January 2023

What is CVE-2016-15007?

A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The patch is named db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195.

Affected Version(s)

Centralized-Salesforce-Dev-Framework

References

https://vuldb.com/?id.217195
vdb-entrytechnical-description
https://vuldb.com/?ctiid.217195
signaturepermissions-required
https://github.com/scottbcovert/Centralized-Salesforce-De...
patch

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.