SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
References
Link | Resource |
---|---|
https://forum.butian.net/share/1089 | Exploit Third Party Advisory |
https://gitee.com/smallc/SpringBlade/blob/master/blade-service/blade-user/src/main/java/org/springblade/system/user/mapper/UserMapper.xml | Exploit Third Party Advisory |
https://saber.bladex.vip/#/login | Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-05T18:19:43
Updated: 2022-05-05T18:19:43
Reserved: 2022-03-21T00:00:00
Link: CVE-2022-27360
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-05T19:15:07.940
Modified: 2022-05-13T04:07:27.147
Link: CVE-2022-27360
JSON object: View
Redhat Information
No data.
CWE