43 matches found
PT-2024-28904 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/user" API endpoint. Recommendations: For versions prior to...
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
PT-2024-28906 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...
my-springsecurity-plus SQL Injection Vulnerability
my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...
CVE-2024-40540
CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...
CVE-2024-6681
A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...
CVE-2024-6681 witmy my-springsecurity-plus dept sql injection
A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...
CVE-2024-6681
Affected product: witmy my-springsecurity-plus (up to 2024-07-04). Vulnerability: SQL injection via manipulation of the argument params.dataScope in the endpoint /api/dept, leading to potential remote exploitation. Multiple sources confirm the issue and public disclosure of the exploit. Impact (a...
CVE-2024-6680
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...
CVE-2024-6680
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...
CVE-2024-6680 witmy my-springsecurity-plus build sql injection
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...
CVE-2024-6680
CVE-2024-6680 affects witmy my-springsecurity-plus up to 2024-07-04. The vulnerability arises from manipulating the params.dataScope argument in /api/dept/build, enabling remote SQL injection. Exploit disclosed publicly; impact stated as high for confidentiality, integrity, and availability. No r...
CVE-2024-6679
A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2024-6679 witmy my-springsecurity-plus role sql injection
A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2024-6679 witmy my-springsecurity-plus role sql injection
A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2024-6679
CVE-2024-6679 affects witmy my-springsecurity-plus (up to 2024-07-04). The flaw exists in the /api/role endpoint where manipulating the argument params.dataScope enables SQL injection. It can be exploited remotely and the vulnerability has been publicly disclosed. Multiple sources (NVD, CVE List,...
CVE-2024-6676
A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched...
CVE-2024-6676
witmy my-springsecurity-plus is affected by a SQL injection in /api/user triggered by manipulating the params.dataScope argument. The vulnerability has remote potential and has been disclosed publicly. Multiple sources (including CVE-2024-6676 records and PT-2024-37793) confirm a critical issue w...
CVE-2024-6676 witmy my-springsecurity-plus user sql injection
A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched...
CVE-2024-6676 witmy my-springsecurity-plus user sql injection
A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched...