Vulnerabilities > Adempiere > Adempiere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-18 | CVE-2007-2760 | Remote Security vulnerability in Adempiere The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. | 9.0 |
2007-05-18 | CVE-2007-2759 | SQL-Injection vulnerability in Adempiere Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. | 7.5 |