An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error...
CVSS 5.3 | AI Score 5.1 | EPSS 0.001
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component...
CVSS 9.8 | AI Score 9.8 | EPSS 0.002
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc...
CVSS 9.8 | AI Score 9.7 | EPSS 0.002