CVE-2016-4999

CRITICAL

Dashbuilder < 0.6.0.Beta1 - SQL Injection via Data Set Lookup Filter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4999. PoCs published by shanika04.

AI-analyzed exploit summary The repository contains source code for Dashbuilder, a dashboard and reporting web app, but lacks any exploit code or technical details related to CVE-2016-4999. The README provides general project information and build instructions without referencing the vulnerability.

Description

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.

Exploits (1)

nomisec STUB

by shanika04 · poc

https://github.com/shanika04/dashbuilder

View Code ZIP pw:eip

The repository contains source code for Dashbuilder, a dashboard and reporting web app, but lacks any exploit code or technical details related to CVE-2016-4999. The README provides general project information and build instructions without referencing the vulnerability.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Dashbuilder

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2016:1429

Permissions Required x_refsource_confirm

https://issues.jboss.org/browse/DASHBUILDE-113

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2016:1428

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/91795

Third Party Advisory x_refsource_confirm

https://github.com/dashbuilder/dashbuilder/commit/8574899e3b6455547b534f570b2330ff772e524b

View Writeup ZIP pw:eip

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=1349990

Scores

CVSS v3 9.8

EPSS 0.0697

EPSS Percentile 91.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (14)

redhat/dashbuilder < 0.5.0

redhat/jboss_bpm_suite 6.0.0

redhat/jboss_bpm_suite 6.0.1

redhat/jboss_bpm_suite 6.0.3

redhat/jboss_bpm_suite 6.1

redhat/jboss_bpm_suite 6.1.2

redhat/jboss_enterprise_brms_platform 5.0.0

redhat/jboss_enterprise_brms_platform 5.3.1

redhat/jboss_enterprise_brms_platform 6.0.0

redhat/jboss_enterprise_brms_platform 6.0.1

... and 4 more

Published Aug 05, 2016

Tracked Since Feb 18, 2026