CVE-2016-15012

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-15012
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-15012.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-15012
Published
2023-01-07T13:15:09.530Z
Modified
2026-04-10T03:48:43.422949Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The patch is named 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Affected packages

Git / github.com/forcedotcom/salesforcemobilesdk-windows

Affected ranges

Type
GIT
Repo
https://github.com/forcedotcom/salesforcemobilesdk-windows
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e4dd3fa3182d0fd382e229e0c25d1bfd8b77a711
Fixed
83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.0.0"
        }
    ]
}

Affected versions

v4.*
v4.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-15012.json"