CVE-2024-57765

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the sname parameter at table/list...

PT-2025-3556 · Msfm · Msfm

Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: The issue is related to a deserialization vulnerability that can be exploited via the pom.xml configuration file. This vulnerability was discovered in MSFM. Recommendations: For versions prior to...

PT-2025-3560 · Msfm +1 · Msfm +1

Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: The issue is related to a fastjson deserialization vulnerability in the component system/table/editField. This vulnerability was discovered in MSFM. Recommendations: For versions prior to...

CVE-2024-57765

MSFM is affected by a SQL injection in the s_name parameter exposed at the table/list endpoint, with versions prior to 2025.01.01 vulnerable. Exploitation could allow execution of arbitrary SQL and theft of sensitive data (per CNVD/CNNVD). Remediation details are not uniformly provided across sou...

PT-2025-3557 · Msfm +1 · Msfm +1

Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: The issue is related to a fastjson deserialization vulnerability in the component system/table/addField. This vulnerability was discovered in MSFM. Recommendations: For versions prior to...