The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| parosproxy | parosproxy | 3.2.4 |
| parosproxy | parosproxy | 3.2.3 |
| parosproxy | parosproxy | 3.2.0 |
| parosproxy | parosproxy | 3.2.1 |
| parosproxy | parosproxy | 3.2.2 |
| parosproxy | parosproxy | 3.2.6 |
| parosproxy | parosproxy | 3.2.5 |