177 matches found
CVE-2024-33148
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the list function...
J2EEFAST 安全漏洞
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from the unallocatedList function of the...
CVE-2024-33139
J2EEFAST v2.7.0 contains an SQL injection vulnerability in the findpage function, via the sql_filter parameter, due to lack of input validation. The issue could allow unauthorized access to or disclosure of database data (confidentiality impact). Documented in multiple sources (e.g., CVE-2024-331...
CVE-2024-33147
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authRoleList function...
CVE-2024-33144
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml...
CVE-2024-33147
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authRoleList function...
PT-2024-25132 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: The issue is related to a SQL injection vulnerability. It occurs via the sql filter parameter in the list function. Recommendations: For J2EEFAST version 2.7.0, consider restricting access to the list...
CVE-2024-33155
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the getDeptList function...
PT-2024-25131 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the authRoleList function. This allows for potential exploitation. No information is provided about the estimated number of affected...
CVE-2024-33161
CVE-2024-33161 affects J2EEFAST v2.7.0, with a SQL injection vulnerability exposed through the sql_filter parameter in the unallocatedList() function. The issue enables potential unauthorized SQL execution and data exposure, as indicated by the CVE description and Red Hat/CNVD entries. The CVSS 3...
CVE-2024-33161
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the unallocatedList function...
CVE-2024-33153
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the commentList function...
CVE-2024-33139
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findpage function...
CVE-2024-33139
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findpage function...
CVE-2024-33149
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the myProcessList function...
CVE-2024-33153
CVE-2024-33153 affects J2EEFAST v2.7.0. A SQL injection vulnerability exists in the commentList() function via the sql_filter parameter due to lack of validation against externally entered SQL statements. Impact described in sources is high (confidentiality, integrity, and availability affected) ...
J2EEFAST 安全漏洞
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from the myProcessList function of the...
CVE-2024-33148
CVE-2024-33148 : Concrete details from connected docs show a SQL injection in J2EEFAST v2.7.0 via the sql_filter parameter in the list function. Root cause, per CNVD/NVD/Red Hat/CVE records, is improper validation of external input in that function. Reported impact is SQL data exposure/alteration...
CVE-2024-33147
CVE-2024-33147 affects the J2EEFAST project, specifically version 2.7.0, with a SQL injection vulnerability in the authRoleList function exposed via the sql_filter parameter. The root cause is lack of input validation for external SQL statements in that function, enabling attackers to execute arb...
CVE-2023-2476
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...