4 matches found
CVE-2023-52290
In streampark-console, on the list pages (e.g., application pages), users can sort the page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, there is a risk of SQL injection...
CVE-2023-52290
In streampark-console, on the list pages (e.g., application pages), users can sort the page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, there is a risk of SQL injection...
CVE-2023-52290
CVE-2023-52290 affects Apache StreamPark’s streampark-console prior to version 2.1.4. The vulnerability arises from unvalidated sort field input used to build SQL queries in list pages (e.g., application pages), enabling SQL injection after an authenticated user logs in. Impact is described as da...
PT-2024-14507 · Unknown · Streampark-Console
Name of the Vulnerable Software and Affected Versions: streampark-console versions prior to 2.1.4
Description: The issue arises from the lack of validation of the sort field sent from the front-end to the back-end, which is used to generate SQL queries. This poses a risk of SQL injection,...