117 matches found
CVE-2023-40787
In SpringBlade V3.6.0, when a SQL query is executed, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
SpringBlade Secure Mode Bypass Vulnerability
SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. SpringBlade suffers from a security model bypass vulnerability that stems from exposing a signing key, which can be exploited by an attacker to conduct a SQL injection attack by forging a JWT,...
CVE-2022-27360
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment...
SQL injection
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment...
CVE-2022-27360
CVE-2022-27360 affects SpringBlade v3.2.0 and earlier. The vulnerability is a SQL injection in the component customSqlSegment, arising from improper handling of input in SpringBlade’s SQL construction. The initial source documents describe the issue across multiple feeds (NVD, Red Hat, OSV, CVE ...
SpringBlade SQL Injection Vulnerability
SpringBlade is a microservices development platform from China's Bread Networks Technology Company. A security vulnerability exists in SpringBlade v3.2.0 and earlier versions, which can be exploited by attackers to conduct SQL injection attacks via the component customSqlSegment...
SpringBlade SQL Injection Vulnerability
SpringBlade is a microservices development platform. A SQL injection vulnerability exists in the DAO/DTO implementation in SpringBlade 2.7.1 and earlier versions. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An...
CVE-2020-16165
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters...
SQL injection
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters...
CVE-2020-16165
CVE-2020-16165 affects SpringBlade up to 2.7.1. The DAO/DTO implementation allows SQL injection in an ORDER BY clause via the ascs/desc parameters of /api/blade-log/api/list. Impact is described as high, with potential for attackers to execute arbitrary SQL commands through the vulnerable sorting...
PT-2020-14787 · Springblade · Springblade
Name of the Vulnerable Software and Affected Versions: SpringBlade versions prior to 2.7.2 Description: The issue concerns SQL Injection in the ORDER BY clause, related to the /api/blade-log/api/list endpoint, specifically the ascs and desc parameters. Recommendations: For versions prior to 2.7.2...
Unauthorized Access Vulnerability in SpringBlade of Shanghai Bred Network Technology
SpringBlade is a SpringCloud distributed microservices architecture upgraded and optimized from a commercial-grade project. Shanghai Bred Network Technology SpringBlade has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...