CVE-2016-15007

Centralized-Salesforce-Dev-Framework SOQL SObjectService.cls SObjectService injection

Description

A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The patch is named db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195.

References

Link	Tags
https://vuldb.com/?id.217195	permissions required vdb entry third party advisory technical description
https://vuldb.com/?ctiid.217195	permissions required signature third party advisory
https://github.com/scottbcovert/Centralized-Salesforce-Dev-Framework/commit/db03ac5b8a9d830095991b529c067a030a0ccf7b	third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2016-15007?: CVE-2016-15007 has been scored as a medium severity vulnerability.
How to fix CVE-2016-15007?: To fix CVE-2016-15007, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2016-15007 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2016-15007 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2016-15007?: CVE-2016-15007 affects n/a Centralized-Salesforce-Dev-Framework.

Description

Category

CWE-74 – Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

References

Frequently Asked Questions