EPSS
Percentile
48.2%
liblog4cxx.so is vulnerable to SQL Injection. The vulnerability exists when using the ODBC appender to send log messages to a database because the fields are not properly escaped which allows an attacker to inject and execute arbitrary SQL queries.
github.com/apache/logging-log4cxx/commit/e90e07003e9e8082b3521c3fd71837cd1a569553
lists.apache.org/thread/vgjlpdf353vv91gryspwxrzj6p0fbjd9
www.redpacketsecurity.com/apache-log4cxx-sql-injection-cve-2023-31038/