9 matches found
CVE-2024-33332
The CVE-2024-33332 entry affects SpringBlade 3.7.1, where a crafted GET request to the endpoint api/blade-system/tenant can disclose sensitive information. The connected sources consistently describe an information disclosure in SpringBlade 3.7.1 without broader exploitation details. Impact is de...
CVE-2024-8023
CVE-2024-8023 describes a critical SQL injection in chillzhuang SpringBlade 4.1.0. The vulnerability affects an unknown function of the endpoint /api/blade-system/menu/list?updatexml, with remote exploitation possible. Public exploitation is noted, and vendor contact occurred without response. Co...
CVE-2022-27360
CVE-2022-27360 affects SpringBlade v3.2.0 and earlier. The vulnerability is a SQL injection in the component customSqlSegment , arising from improper handling of input in SpringBlade’s SQL construction. The initial source documents describe the issue across multiple feeds (NVD, Red Hat, OSV, CVE ...
CVE-2023-40787
CVE-2023-40787 affects SpringBlade v3.6.0, where user-submitted SQL parameters are not wrapped in quotes during query execution, enabling SQL injection. Red Hat and multiple feeds corroborate the flaw in SpringBlade’s SQL handling, describing it as a lack of proper parameter quoting that could al...
CVE-2023-47458
CVE-2023-47458 concerns SpringBlade versions 3.7.0 and earlier. The issue is described as a lack of a permissions control framework, which enables a remote attacker to escalate privileges (high impact). The CVSS vector from NVD indicates a critical score (9.8), with network attack vector, no user...
CVE-2020-16165
CVE-2020-16165 affects SpringBlade up to 2.7.1. The DAO/DTO implementation allows SQL injection in an ORDER BY clause via the ascs/desc parameters of /api/blade-log/api/list. Impact is described as high, with potential for attackers to execute arbitrary SQL commands through the vulnerable sorting...
CVE-2023-40788
SpringBlade 3.6.0 to remediate.
CVE-2025-70982
CVE-2025-70982 affects SpringBlade v4.5.0 and stems from incorrect access control in the importUser function , enabling attackers with low-level privileges to arbitrarily import sensitive user data. The CVE is rated CRITICAL (CVSS 3.1: 9.9) with vectors: AV=N/AC=L/PR=L/UI=N/S=C/C=H/I=H/A=H. Impac...
CVE-2025-70983
CVE-2025-70983 affects SpringBlade v4.5.0. A flaw in the authRoutes function implements incorrect access control, enabling attackers with low privileges to escalate to high privileges. Sources from multiple trackers (Red Hat, NVD, CVE lists, PT-Group) corroborate the description. The publicly sta...