Lucene search
CVE-2024-6680
Vulnerability in witmy my-springsecurity-plus allows remote SQL injection via /api/dept/buil
Show more
| Reporter | Title | Published | Views | Family All 3 |
|---|---|---|---|---|
 | CVE-2024-6680 witmy my-springsecurity-plus build sql injection | 11 Jul 202416:00 | – | cvelist |
 | CVE-2024-6680 | 11 Jul 202416:15 | – | nvd |
 | CVE-2024-6680 witmy my-springsecurity-plus build sql injection | 11 Jul 202416:00 | – | vulnrichment |
Node
[
{
"vendor": "witmy",
"product": "my-springsecurity-plus",
"versions": [
{
"version": "2024-07-04",
"status": "affected"
}
]
}
]| Source | Link |
|---|---|
| vuldb | www.vuldb.com/ |
| gitee | www.gitee.com/witmy/my-springsecurity-plus/issues/IAAH8A |
| vuldb | www.vuldb.com/ |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| params.dataScope | query param | /api/dept/build | SQL injection vulnerability due to improper handling of user input in params.dataScope. | CWE-89 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo11 Jul 2024 16:15Current
6.9Medium risk
Vulners AI Score6.9
CVSS26.5
CVSS36.3
CVSS45.3
EPSS0.00045
SSVC