https://feed.craftedsignal.io/tags/erupt/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 18:16:26 +0000https://feed.craftedsignal.io/briefs/2024-01-02-erupt-sql-injection/Mon, 23 Mar 2026 18:16:26 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-02-erupt-sql-injection/A SQL injection vulnerability (CVE-2026-4594) exists in erupts erupt up to version 1.13.3, allowing remote attackers to execute arbitrary SQL commands by manipulating the sort.field argument in the geneEruptHqlOrderBy function.A SQL injection vulnerability, identified as CVE-2026-4594, has been discovered in the erupts erupt framework, affecting versions up to 1.13.3. The vulnerability resides within the geneEruptHqlOrderBy function in the erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java file. Attackers can remotely exploit this flaw by manipulating the sort.field argument, leading to arbitrary SQL command execution within the Hibernate framework. Public exploit code is available…

]]>highadvisorysql-injectionvulnerabilityerupt