83 matches found
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
PT-2024-28904 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/user" API endpoint. Recommendations: For versions prior to...
PT-2024-28907 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/role?offset" API endpoint. Recommendations: For versions pri...
CVE-2024-40540
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...
CVE-2024-40542
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...
CVE-2024-40539
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...
CVE-2024-40539
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...
CVE-2024-40540
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
CVE-2024-40539
CVE-2024-40539 concerns my-springsecurity-plus prior to v2024.07.03, where a SQL injection is exposed via the dataScope parameter in the /api/user endpoint. The issue is documented across multiple sources indicating the vulnerable component and the attack surface. Public references consistently s...
CVE-2024-40542
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...
CVE-2024-40541
Summary: CVE-2024-40541 affects my-springsecurity-plus prior to v2024.07.03, with a SQL injection vulnerability exposed via the dataScope parameter at the /api/dept/build endpoint. What’s vulnerable: my-springsecurity-plus components handling the dataScope input for that API path. Root cause / im...
CVE-2024-40540
CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...
CVE-2024-40542
CVE-2024-40542 affects my-springsecurity-plus versions before v2024.07.03. A SQL injection is exposed via the dataScope parameter at /api/role?offset, as documented across NVD/Red Hat/CNNVD entries. Impact is described variably: NVD base score 9.8 (CRITICAL) with full confidentiality, integrity, ...
PT-2024-28906 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...
CVE-2024-6681 witmy my-springsecurity-plus dept sql injection
A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...
CVE-2024-6680
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...