Blind SQL Injection found in cgFormBuildController

![image](https://user-images.githubusercontent.com/24394960/55513053-640af180-5697-11e9-9775-9f81fce1f49d.png)
In this method called 'findOneForJdbc',the params are just stitched in the query statement without security filtering.
![image](https://user-images.githubusercontent.com/24394960/55513071-7127e080-5697-11e9-9d2c-4ba89e2b36a7.png)
And this leads to a SQL injection.
![image](https://user-images.githubusercontent.com/24394960/55514728-6c652b80-569b-11e9-9b81-138f05fa9f02.png)
![image](https://user-images.githubusercontent.com/24394960/55514743-78e98400-569b-11e9-8e41-d4d817f45653.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Blind SQL Injection found in cgFormBuildController #5

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Blind SQL Injection found in cgFormBuildController #5

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions