9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Boolean-Based SQL Injection in Multiple Unica Components
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.
Affected products
- Version 25.1.1 and below
Matching in nixpkgs
pkgs.unicap
Universal video capture API
pkgs.libsForQt5.communicator
Contacts and dialer application
pkgs.plasma5Packages.communicator
Contacts and dialer application
pkgs.octavePackages.communications
Digital Communications, Error Correcting Codes (Channel Code), Source Code functions, Modulation and Galois Fields
- nixos-unstable 11.1.0-communications-1.2.7
- nixpkgs-unstable 11.1.0-communications-1.2.7
- nixos-unstable-small 11.1.0-communications-1.2.7
- nixos-25.11 10.3.0-communications-1.2.7
- nixos-25.11-small 10.3.0-communications-1.2.7
- nixpkgs-25.11-darwin 10.3.0-communications-1.2.7
pkgs.gnomeExtensions.server-communicator
Send API requests to servers or mount them at a click of a button. Copies and shows response in a dialog.
pkgs.haskellPackages.belgian-structured-communication
parsing, rendering and manipulating the structured communication of Belgian financial transactions
Package maintainers
- @onny Jonas Heinrich <onny@project-insanity.org>
- @KarlJoad Karl Hallsby <karl@hallsby.com>
- @7c6f434c Michael Raskin <7c6f434c@mail.ru>
- @honnip Jung seungwoo <me@honnip.page>