6 matches found
CVE-2024-46535
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg...
CVE-2024-46535
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg...
JEPaaS 安全漏洞
JEPaaS is a rapid development platform from China Kate Weiye JEPaaS. A SQL injection vulnerability exists in JEPaaS v7.2.8, which originates from the lack of validation of the orderSQL parameter of /homePortal/loadUserMsg for externally entered SQL statements. An attacker can exploit this...
CVE-2024-46535
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg...
CVE-2024-46535
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg...
CVE-2024-46535
CVE-2024-46535 affects Jepaas v7.2.8, with a SQL injection vulnerability originating from lack of validation of the orderSQL parameter in the /homePortal/loadUserMsg endpoint. Underlying issue enables execution of arbitrary SQL statements and could lead to sensitive data disclosure, data tamperin...