Description
There are three possible SQL injection findings:
Issue 1 :
Overview : On line 139 of PhoenixUtil.java, the method executeStatementThrowException() invokes a SQL query built using input coming from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Comment : Because the SQL statement can contain an IN clause with a variable number of values, a fixed set of placeholders will not work; generate one placeholder per value and bind each one, as described here: http://stackoverflow.com/questions/3107044/preparedstatement-with-list-of-parameters-in-a-in-clause
Issue 2 :
Overview : On line 60 of EntityFactory.java, the method findMultiple() invokes a SQL query built using input coming from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Comment : The LIMIT value can be misused as well; it should be parsed as an integer and bound as a parameter rather than concatenated into the statement text.
Issue 3 :
Tagged : Suspicious
Overview : On line 154 of PhoenixUtil.java, the method executeStatement() invokes a SQL query built using input coming from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Comment : Is this the path that applies a schema from a file? If so, confirm that the file contents come from a trusted source and not from user input.
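The following is an added illustration of the fix suggested for Issues 1 and 2; it is not code from the project and does not reproduce the real PhoenixUtil or EntityFactory methods. The class name, the method and column names, and the sample keys are assumptions chosen for the example. It shows the concatenation pattern the findings describe beside a PreparedStatement that emits one placeholder per IN value and binds the LIMIT as an integer. Table and column names cannot be bound, so they are checked against a strict identifier pattern instead. It assumes the JDBC driver accepts a bind parameter in LIMIT; if a driver does not, parse the limit with Integer.parseInt and append only the resulting integer.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Example class, not part of the project under review.
public class SafeInClauseExample {

    // Identifiers (table/column names) cannot be bound as parameters, so they
    // are checked against a strict pattern before being placed in the statement.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    static String checkIdentifier(String name) {
        if (name == null || !IDENTIFIER.matcher(name).matches()) {
            throw new IllegalArgumentException("Unsafe SQL identifier: " + name);
        }
        return name;
    }

    // Vulnerable pattern (illustrative): keys and limit are concatenated into the
    // statement text, so a key such as  x') OR 1=1 --  changes the statement's meaning.
    static String unsafeQuery(String table, String column, List<String> keys, String limit) {
        return "SELECT * FROM " + table + " WHERE " + column
                + " IN ('" + String.join("','", keys) + "') LIMIT " + limit;
    }

    // Hardened: one '?' per IN value plus one for LIMIT; nothing user-supplied
    // ends up in the statement text itself.
    static String buildSafeQuery(String table, String column, int keyCount) {
        if (keyCount <= 0) {
            throw new IllegalArgumentException("IN clause needs at least one value");
        }
        StringBuilder sb = new StringBuilder("SELECT * FROM ")
                .append(checkIdentifier(table))
                .append(" WHERE ").append(checkIdentifier(column)).append(" IN (");
        for (int i = 0; i < keyCount; i++) {
            sb.append(i == 0 ? "?" : ", ?");
        }
        return sb.append(") LIMIT ?").toString();
    }

    // Hypothetical replacement for a findMultiple-style method: every key and the
    // limit are bound through the PreparedStatement API.
    static List<String> findMultiple(Connection conn, String table, String column,
                                     List<String> keys, int limit) throws SQLException {
        if (limit <= 0) {
            throw new IllegalArgumentException("limit must be positive");
        }
        String sql = buildSafeQuery(table, column, keys.size());
        List<String> out = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            int idx = 1;
            for (String key : keys) {
                ps.setString(idx++, key);
            }
            ps.setInt(idx, limit);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    out.add(rs.getString(1));
                }
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample input: the third key is an injection attempt.
        List<String> keys = List.of("alice", "bob", "x') OR 1=1 --");
        System.out.println("unsafe: " + unsafeQuery("USERS", "NAME", keys, "10; DROP TABLE USERS"));
        System.out.println("safe:   " + buildSafeQuery("USERS", "NAME", keys.size()));
        try {
            buildSafeQuery("USERS; DROP TABLE USERS", "NAME", 1);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running main needs no database: it prints the concatenated statement with the injected key and the trailing `DROP TABLE` visible in the text, then the parameterised form `... IN (?, ?, ?) LIMIT ?`, and finally shows the identifier check rejecting a table name that carries a second statement. The findMultiple method is what would be called with a live Connection.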