Lucene search

BladexSpringblade

7 matches found

added 2024/04/30 8:15 p.m. (71 views)

CVE-2024-33332

An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via a crafted GET request to api/blade-system/tenant.

CVSS 7.5, AI score 6.2, EPSS 0.00144

added 2024/08/21 12:15 a.m. (70 views)

CVE-2024-8023

A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the pub...

CVSS 9.8, AI score 6.8, EPSS 0.00042

added 2022/05/05 7:15 p.m. (51 views)

CVE-2022-27360

SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.

CVSS 9.8, AI score 9.8, EPSS 0.00593

added 2023/08/29 1:15 p.m. (37 views)

CVE-2023-40787

In SpringBlade V3.6.0, when executing a SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.

CVSS 9.8, AI score 9.7, EPSS 0.00857

added 2024/01/02 9:15 p.m. (37 views)

CVE-2023-47458

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.

CVSS 9.8, AI score 9.5, EPSS 0.00924

added 2020/07/30 8:15 p.m. (34 views)

CVE-2020-16165

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.

CVSS 9.8, AI score 9.7, EPSS 0.00245

added 2023/09/19 12:15 a.m. (32 views)

CVE-2023-40788

SpringBlade

CVSS 5.3, AI score 5.1, EPSS 0.00072