4 matches found
CVE-2024-6679
CVE-2024-6679 affects witmy my-springsecurity-plus (up to 2024-07-04). The flaw exists in the /api/role endpoint where manipulating the argument params.dataScope enables SQL injection. It can be exploited remotely and the vulnerability has been publicly disclosed. Multiple sources (NVD, CVE List,...
CVE-2024-6680
CVE-2024-6680 affects witmy my-springsecurity-plus up to 2024-07-04. The vulnerability arises from manipulating the params.dataScope argument in /api/dept/build, enabling remote SQL injection. Exploit disclosed publicly; impact stated as high for confidentiality, integrity, and availability. No r...
CVE-2024-6676
witmy my-springsecurity-plus is affected by a SQL injection in /api/user triggered by manipulating the params.dataScope argument. The vulnerability has remote potential and has been disclosed publicly. Multiple sources (including CVE-2024-6676 records and PT-2024-37793) confirm a critical issue w...
CVE-2024-6681
Affected product: witmy my-springsecurity-plus (up to 2024-07-04). Vulnerability: SQL injection via manipulation of the argument params.dataScope in the endpoint /api/dept, leading to potential remote exploitation. Multiple sources confirm the issue and public disclosure of the exploit. Impact (a...