Lucene search

306 matches found

CNNVD
added 2025/01/12 12:0 a.m. · 2 views

starsea-mall security vulnerability

starsea-mall is a springboot + thymeleaf based Xiaomi mall management system by individual developer StarSea99. A security vulnerability exists in starsea-mall version 1.0, which originates from the parameter categoryName in the file /admin/categories/update that can lead to cross-site scripting...

CVSS 5.4 · AI score 3.8 · EPSS 0.00115
Exploits 0 · References 1
OSV
added 2025/01/09 3:15 a.m. · 2 views

CVE-2024-13201

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the...

CVSS 7.2 · AI score 5.5 · EPSS 0.00074
Exploits 1 · References 5
NVD
added 2025/01/09 3:15 a.m. · 4 views

CVE-2024-13202

A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument...

CVSS 5.4 · EPSS 0.0011
Exploits 1 · References 5
NVD
added 2025/01/09 3:15 a.m. · 3 views

CVE-2024-13201

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the...

CVSS 7.2 · EPSS 0.00074
Exploits 1 · References 5
Vulnrichment
added 2025/01/09 1:31 a.m. · 5 views

CVE-2024-13202 wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scripting

A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument...

CVSS 5.1 · AI score 6 · EPSS 0.0011
Exploits 1 · References 5
Cvelist
added 2025/01/09 1:31 a.m. · 12 views

CVE-2024-13202 wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scripting

A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument...

CVSS 5.1 · EPSS 0.0011
Exploits 1 · References 5
CVE
added 2025/01/09 1:31 a.m. · 42 views

CVE-2024-13202

CVE-2024-13202 affects wander-chu SpringBoot-Blog 1.0. The vulnerability lies in the function modifiyArticle in file src/main/java/com/my/blog/website/controller/admin/PageController.java of the Blog Article Handler component, where the argument content is manipulated, enabling cross-site scripti...

CVSS 5.4 · AI score 3.5 · EPSS 0.0011
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2025/01/09 1:31 a.m. · 5 views

CVE-2024-13201 wander-chu SpringBoot-Blog Admin Attachment AttachtController.java upload unrestricted upload

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the...

CVSS 5.8 · AI score 6.4 · EPSS 0.00074
Exploits 1 · References 5
CVE
added 2025/01/09 1:31 a.m. · 43 views

CVE-2024-13201

CVE-2024-13201 affects wander-chu SpringBoot-Blog 1.0 in the Admin Attachment Handler, specifically the upload function in AttachtController.java. The root cause is manipulation of the file argument, enabling unrestricted uploads. Exploitation can be remote, and public disclosures exist. Several ...

CVSS 7.2 · AI score 4.8 · EPSS 0.00074
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2025/01/09 1:31 a.m. · 9 views

CVE-2024-13201 wander-chu SpringBoot-Blog Admin Attachment AttachtController.java upload unrestricted upload

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the...

CVSS 5.8 · EPSS 0.00074
Exploits 1 · References 5
CVE
added 2025/01/09 1:0 a.m. · 40 views

CVE-2024-13200

wander-chu SpringBoot-Blog 1.0 contains a critical flaw in the HTTP POST Request Handler: the preHandle function in BaseInterceptor.java has improper access controls, enabling remote exploitation. Multiple connected sources confirm the affected component and remote attack possibility, with public...

CVSS 7.5 · AI score 7.3 · EPSS 0.00082
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2025/01/09 1:0 a.m. · 4 views

CVE-2024-13200 wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

CVSS 7.5 · AI score 6.8 · EPSS 0.00082
Exploits 1 · References 5
Cvelist
added 2025/01/09 1:0 a.m. · 9 views

CVE-2024-13200 wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

CVSS 7.5 · EPSS 0.00082
Exploits 1 · References 5
Positive Technologies
added 2025/01/09 12:0 a.m. · 3 views

PT-2025-2059 · Wander Chu · Springboot-Blog

Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0
Description: A critical vulnerability has been found in the Admin Attachment Handler component, specifically affecting the upload function of the AttachtController.java file. The manipulation of the file...

CVSS 7.2 · AI score 7 · EPSS 0.00074
Exploits 1 · References 10
CNNVD
added 2025/01/09 12:0 a.m. · 1 views

SpringBoot-Blog security vulnerability

SpringBoot-Blog is a Java blogging system for wand individual developers. A security vulnerability exists in SpringBoot-Blog version 1.0, which originates from the preHandle function in file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java that can lead to improper access contro...

CVSS 7.5 · AI score 7.4 · EPSS 0.00082
Exploits 1 · References 5
CNNVD
added 2025/01/09 12:0 a.m. · 1 views

SpringBoot-Blog code issue vulnerability

SpringBoot-Blog is a Java blog system for wand individual developers. A code issue vulnerability exists in SpringBoot-Blog version 1.0, which stems from the upload function in file src/main/java/com/my/blog/website/controller/admin/AttachtController.java that can lead to unrestricted uploads...

CVSS 7.2 · AI score 5.2 · EPSS 0.00074
Exploits 1 · References 5
vulnersOsv
added 2024/08/23 9:30 a.m. · 2 views

com.alipay.sofa.koupleless:arklet-springboot-starter (>=1.0.0 <=1.4.2), com.alipay.sofa.koupleless:koupleless-base-starter (>=1.0.0 <=1.4.2) +84 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=2.7.0 <=2.7.2)

org.springframework.boot:spring-boot-loader MAVEN version =2.7.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.5.1, =0.5.1, =2.2.4, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2024-38807 Source advisory:...

CVSS 6.3 · AI score 7.2 · EPSS 0.00036
Exploits 0
Hacker One
added 2024/07/21 9:1 p.m. · 10 views

Adobe: Disclosure of git metadata and springboot actuator information

The vulnerability involved the disclosure of git metadata and Springboot actuator information, which was responsibly disclosed and addressed through collaboration with the hacker...

AI score 7
Exploits 0
NVD
added 2024/07/19 6:15 p.m. · 12 views

CVE-2024-41600

Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component...

CVSS 7.5 · EPSS 0.00121
Exploits 0 · References 1
OSV
added 2024/07/19 6:15 p.m. · 1 views

CVE-2024-41600

Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component...

CVSS 7.5 · AI score 5.8 · EPSS 0.00121
Exploits 0 · References 1