17 matches found
CVE-2026-7699
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...
CVE-2026-7699 Dromara MaxKey StrUtils.java StrUtils.checkSqlInjection sql injection
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...
CVE-2026-7699
Dromara MaxKey up to 3.5.13 contains the StrUtils.checkSqlInjection vulnerability in StrUtils.java. The issue arises from manipulating the argument filtersfields, enabling remote SQL injection. The exploit is reported as publicly available and the vulnerability has a PROOF-OF-CONCEPT exploit; CVS...
CVE-2026-7699
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...
EUVD-2026-26837
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...
CVE-2026-7699 Dromara MaxKey StrUtils.java StrUtils.checkSqlInjection sql injection
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...
Dromara MaxKey 注入漏洞
Dromara MaxKey is an open-source identity and authentication product developed by Dromara. Versions of Dromara MaxKey 3.5.13 and earlier contained a vulnerability due to an SQL injection issue. This vulnerability stemmed from the operation of the StrUtils.checkSqlInjection function in the...
PT-2026-36702
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...
EUVD-2025-18913
Malicious code in bioql PyPI...
CVE-2025-6517
A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of t...
CVE-2025-6517
A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of t...
CVE-2025-6517
A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of t...
CVE-2025-6517 Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery
A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of t...
CVE-2025-6517 Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery
A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of t...
CVE-2025-6517
CVE-2025-6517 affects Dromara MaxKey (up to 4.1.7). The vulnerability is in the Add function of maxkey-webs/maxkey-web-mgt/src/main/java/org/dromara/maxkey/web/apps/controller/SAML20DetailsController.java (Meta URL Handler). Manipulation of the post argument enables server-side request forgery (S...
Dromara MaxKey 代码问题漏洞
Dromara MaxKey is an IAM-IDaas identity management and authentication product from Dromara open source. A code issue vulnerability exists in Dromara MaxKey version 4.1.7 and earlier, which stems from a misbehavior of the parameter post, leading to server-side request forgery...
PT-2025-26631 · Dromara · Dromara Maxkey
Name of the Vulnerable Software and Affected Versions: Dromara MaxKey versions up to 4.1.7 Description: A critical issue affects the function Add of the SAML20DetailsController.java file in the Meta URL Handler component. The manipulation of the post argument leads to server-side request forgery,...