J2EEFAST SysMsgPushMapper.xml File SQL Injection Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from SysMsgPushMapper.xml findPage...

CVE-2024-35084

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...

CVE-2024-35084

CVE-2024-35084 affects J2EEFAST v2.7.0. The vulnerability is a SQL injection in SysMsgPushMapper.xml’s findPage function caused by lack of validation for external input SQL statements. Reported impact indicates high confidentiality, integrity, and availability risk (base score 9.8, CVSS3.1: AV:N/...

CVE-2024-35084

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...

CVE-2024-35084

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...

PT-2024-26313 · J2Eefast · J2Eefast

Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was found in the findPage function within SysMsgPushMapper.xml. Recommendations: For J2EEFAST version 2.7.0, consider restricting access to the findPage function in SysMsgPushMapper.xm...