3 matches found
J2eeFAST SQL Injection (CVE-2021-28890)
An SQL injection vulnerability exists in J2eeFAST. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2021-28890
Summary: CVE-2021-28890 affects J2eeFAST 2.2.1 and enables remote SQL injection due to improper handling of user-supplied inputs where ${} is used to join statements. Vulnerable component: fast/sys/user/list (compId), fast/sys/role/list (deptId), fast/sys/role/authUser/list (roleId). Root cause: ...
CVE-2021-28890
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the 1 compId parameter to fast/sys/user/list, 2 deptId parameter to fast/sys/role/list, or 3 roleId parameter to fast/sys/role/authUser/list, related to the use of $ to join SQL statements...