
Warning: Remote code execution in Red Hat HyperSQL Database package

Reference:
Advisory #2022-039
Version:
1.0
Affected software:
Red Hat's HyperSQL Database (HSQLDB) package prior to version 2.7.1
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2022-41853 (CVSS v3 Base Score: 9.8)

Sources

https://access.redhat.com/security/cve/CVE-2022-41853

Risks

The vulnerable versions of HSQLDB do not sufficiently prevent untrusted user input from selecting improper classes or code to invoke, which can lead to Remote Code Execution (RCE). 

Description

If java.sql.Statement or java.sql.PreparedStatement in HSQLDB is used to process untrusted input, the system is vulnerable to an RCE attack of low complexity with a high impact on confidentiality, integrity and availability.

This is due to the default behaviour of the vulnerable HSQLDB versions that allows a user to call any static method of any Java class in the classpath. An attacker with network access could supply values to select unexpected classes or methods and create control flow paths that were not intended by the developer. These paths can bypass authentication or access control checks. The attacker can then upload files in the application’s classpath that can lead to RCE on the affected system and provide the attacker with a foothold in the organisation.   
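One defensive check that follows from the description above, added here as an example (it is not part of this advisory, nor code from HSQLDB or Red Hat): audit the SQL an application hands to java.sql.Statement for references to Java classes outside an allow-list, so that statements selecting unexpected classes are flagged before they reach the database. The quoted static-call form and the LANGUAGE JAVA / EXTERNAL NAME form follow HSQLDB's documented routine syntax; the sample statements and the allow-list are constructed for this example.

```python
import re

# Quoted fully-qualified static method call, e.g. CALL "java.lang.Math.abs"(-1)
QUOTED_CALL = re.compile(r'"((?:[A-Za-z_$][\w$]*\.)+)([A-Za-z_$][\w$]*)"\s*\(')
# Java-backed routine definition: ... EXTERNAL NAME 'CLASSPATH:pkg.Class.method'
EXTERNAL_NAME = re.compile(
    r"EXTERNAL\s+NAME\s+'CLASSPATH:((?:[A-Za-z_$][\w$]*\.)+)([A-Za-z_$][\w$]*)'", re.I)

# Constructed sample of statements as an application might log them before
# passing them to java.sql.Statement (not taken from any real HSQLDB log).
SAMPLE_STATEMENTS = [
    "SELECT id, name FROM customers WHERE id = 42",
    'CALL "java.lang.Math.abs"(-1)',
    'CALL "java.util.UUID.randomUUID"()',
    "CREATE FUNCTION f(x INT) RETURNS INT LANGUAGE JAVA DETERMINISTIC NO SQL "
    "EXTERNAL NAME 'CLASSPATH:com.example.Util.f'",
    "UPDATE customers SET name = 'Bob' WHERE id = 42",
]

# Example allow-list maintained by the application owner (an assumption for
# this example, not HSQLDB's own default).
ALLOWED_CLASSES = {"java.lang.Math"}


def java_classes_referenced(sql):
    """Return the Java classes a statement would make HSQLDB resolve and invoke."""
    classes = []
    for m in QUOTED_CALL.finditer(sql):
        classes.append(m.group(1).rstrip("."))   # drop trailing dot before method
    for m in EXTERNAL_NAME.finditer(sql):
        classes.append(m.group(1).rstrip("."))
    return classes


def audit(statements, allowed_classes):
    """Return (statement, class) pairs referencing a class outside the allow-list."""
    findings = []
    for sql in statements:
        for cls in java_classes_referenced(sql):
            if cls not in allowed_classes:
                findings.append((sql, cls))
    return findings


if __name__ == "__main__":
    for sql, cls in audit(SAMPLE_STATEMENTS, ALLOWED_CLASSES):
        print(f"REJECT: class {cls!r} not allowed in statement: {sql}")
```

Statements flagged here should be rejected before execution; on versions prior to 2.7.1 this check is the only barrier between untrusted input and an arbitrary static method call.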

Recommended actions

Patch Red Hat's HSQLDB package to version 2.7.1.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2136141
https://cwe.mitre.org/data/definitions/470.html