Lucene search
+L

43 matches found

ptsecurity
ptsecurity
added 2024/07/12 12:0 a.m.7 views

PT-2024-28904 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/user" API endpoint. Recommendations: For versions prior to...

9.8CVSS7.7AI score0.00456EPSS
Exploits1References4
cvelist
cvelist
added 2024/07/12 12:0 a.m.41 views

CVE-2024-40541

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...

0.00431EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/07/12 12:0 a.m.10 views

PT-2024-28906 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...

9.8CVSS7.7AI score0.00431EPSS
Exploits1References4
cnnvd
cnnvd
added 2024/07/12 12:0 a.m.6 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

9.8CVSS8AI score0.00456EPSS
Exploits1References2
cve
cve
added 2024/07/12 12:0 a.m.83 views

CVE-2024-40540

CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...

9.8CVSS8.3AI score0.00456EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2024/07/11 5:15 p.m.43 views

CVE-2024-6681

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...

9.8CVSS0.00473EPSS
Exploits0References3
cvelist
cvelist
added 2024/07/11 4:31 p.m.52 views

CVE-2024-6681 witmy my-springsecurity-plus dept sql injection

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...

6.5CVSS0.00473EPSS
Exploits0References3
cve
cve
added 2024/07/11 4:31 p.m.79 views

CVE-2024-6681

Affected product: witmy my-springsecurity-plus (up to 2024-07-04). Vulnerability: SQL injection via manipulation of the argument params.dataScope in the endpoint /api/dept, leading to potential remote exploitation. Multiple sources confirm the issue and public disclosure of the exploit. Impact (a...

9.8CVSS6.8AI score0.00473EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2024/07/11 4:15 p.m.32 views

CVE-2024-6680

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...

9.8CVSS0.00473EPSS
Exploits0References3
osv
osv
added 2024/07/11 4:15 p.m.10 views

CVE-2024-6680

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...

9.8CVSS6.3AI score0.00473EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/07/11 4:0 p.m.9 views

CVE-2024-6680 witmy my-springsecurity-plus build sql injection

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...

6.5CVSS7.4AI score0.00473EPSS
Exploits0References3
cve
cve
added 2024/07/11 4:0 p.m.81 views

CVE-2024-6680

CVE-2024-6680 affects witmy my-springsecurity-plus up to 2024-07-04. The vulnerability arises from manipulating the params.dataScope argument in /api/dept/build, enabling remote SQL injection. Exploit disclosed publicly; impact stated as high for confidentiality, integrity, and availability. No r...

9.8CVSS6.9AI score0.00473EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2024/07/11 3:15 p.m.23 views

CVE-2024-6679

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

9.8CVSS0.00566EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/07/11 3:0 p.m.10 views

CVE-2024-6679 witmy my-springsecurity-plus role sql injection

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS7.4AI score0.00566EPSS
Exploits0References3
cvelist
cvelist
added 2024/07/11 3:0 p.m.27 views

CVE-2024-6679 witmy my-springsecurity-plus role sql injection

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS0.00566EPSS
Exploits0References3
cve
cve
added 2024/07/11 3:0 p.m.81 views

CVE-2024-6679

CVE-2024-6679 affects witmy my-springsecurity-plus (up to 2024-07-04). The flaw exists in the /api/role endpoint where manipulating the argument params.dataScope enables SQL injection. It can be exploited remotely and the vulnerability has been publicly disclosed. Multiple sources (NVD, CVE List,...

9.8CVSS6.9AI score0.00566EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2024/07/11 3:15 a.m.31 views

CVE-2024-6676

A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched...

8.8CVSS0.00446EPSS
Exploits0References3
cve
cve
added 2024/07/11 2:0 a.m.79 views

CVE-2024-6676

witmy my-springsecurity-plus is affected by a SQL injection in /api/user triggered by manipulating the params.dataScope argument. The vulnerability has remote potential and has been disclosed publicly. Multiple sources (including CVE-2024-6676 records and PT-2024-37793) confirm a critical issue w...

8.8CVSS6.8AI score0.00446EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2024/07/11 2:0 a.m.33 views

CVE-2024-6676 witmy my-springsecurity-plus user sql injection

A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched...

6.5CVSS0.00446EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/07/11 2:0 a.m.12 views

CVE-2024-6676 witmy my-springsecurity-plus user sql injection

A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched...

6.5CVSS7.2AI score0.00446EPSS
Exploits0References3
Rows per page
Query Builder