71 matches found
CVE-2024-40540
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
CVE-2024-40540
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...
CVE-2024-40539
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...
CVE-2024-40542
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...
CVE-2024-40539
CVE-2024-40539 concerns my-springsecurity-plus prior to v2024.07.03, where a SQL injection is exposed via the dataScope parameter in the /api/user endpoint. The issue is documented across multiple sources indicating the vulnerable component and the attack surface. Public references consistently s...
PT-2024-28906 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...
CVE-2024-40542
CVE-2024-40542 affects my-springsecurity-plus versions before v2024.07.03. A SQL injection is exposed via the dataScope parameter at /api/role?offset, as documented across NVD/Red Hat/CNNVD entries. Impact is described variably: NVD base score 9.8 (CRITICAL) with full confidentiality, integrity, ...
CVE-2024-40541
Summary: CVE-2024-40541 affects my-springsecurity-plus prior to v2024.07.03, with a SQL injection vulnerability exposed via the dataScope parameter at the /api/dept/build endpoint. What’s vulnerable: my-springsecurity-plus components handling the dataScope input for that API path. Root cause / im...
CVE-2024-6680
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
PT-2024-20796 · Snow Snow · Snow Snow
Name of the Vulnerable Software and Affected Versions: snow snow version 2.0.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the dataScope parameter of the "system/role/list" interface. This enables the attacker to potentially access and manipulate...
CVE-2024-25168
Snow Snow v2.0.0 is affected by a SQL injection in the dataScope parameter of the system/role/list interface, enabling a remote attacker to execute arbitrary code. The root cause is input handling in that endpoint, allowing injectable SQL statements. Documented impact is remote code execution wit...
CVE-2023-24221
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...
CVE-2023-24221
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...
CVE-2023-24219
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml...
CVE-2023-24220
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml...