logo

Database

SQL injection - Code In tech.powerjob:powerjob-server-starter

Description

PowerJob vulnerable to SQL injection A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument customQuery leads to sql injection. Remote exploitation of the attack is possible. The project was informed of the problem early through an issue report but has not responded yet.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2026-57362. NVD-2026-57363. OSV-2026-57364. GCVE-2026-5736

References

1. https://github.com/PowerJob/PowerJob/issues/11672. https://github.com/PowerJob/PowerJob/pull/1166

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.