CVE-2025-8126

A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument paramsdataScope leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

deer-wms-2 注入漏洞

deer-wms-2 is a Chinese deerwms open source warehouse management system . The vulnerability exists in deerwms deer-wms-2 3.3 and earlier versions, the vulnerability stems from the file /system/role/export on the parameter paramsdataScope incorrect operation leads to SQL injection...

deer-wms-2 注入漏洞

deer-wms-2 is a warehouse management system in China deerwms open source . The vulnerability exists in deerwms deer-wms-2 3.3 and earlier versions, the vulnerability stems from incorrect manipulation of the parameter paramsdataScope in the file /system/user/list resulting in SQL injection...

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

CVE-2024-6679

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

PT-2024-37797 · Unknown · Witmy My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue has been found, affecting some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to SQL injection. The attack may b...

PT-2024-37796 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue was found in the software, affecting an unknown functionality of the file "/api/dept/build". The manipulation of the params.dataScope argument leads to SQL injection...

my-springsecurity-plus Security Vulnerabilities

my-springsecurity-plus is a SpringBoot and SpringSecurity based RBAC backend privilege management system by codermy individual developer. A security vulnerability exists in my-springsecurity-plus prior to 2024.07.03, which stems from some unknown functionality in file/api/dept, where manipulation...

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in file/api/role, where...

my-springsecurity-plus Security Vulnerabilities

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy personal developer. A security vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an SQL injection due to manipulation of...

DingFlow 安全漏洞

DingFlow is DingFlow open source is committed to helping small and medium-sized intelligent office system. DingFlow v.2.0.0 version of a security vulnerability , the vulnerability stems from the system/role/list interface of the dataScope parameter SQL injection vulnerability...

LuckyFrame SQL注入漏洞

LuckyFrame is a free and open source testing platform. A security vulnerability exists in LuckyFrame v3.5, which originates from a SQL injection vulnerability in the dataScope parameter in /system/RoleMapper.xml...