Filtered by vendor Jrecms Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-43192 1 Jrecms 1 Springbootcms 2024-09-24 8.8 High
SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement.
CVE-2023-43191 1 Jrecms 1 Springbootcms 2024-09-24 5.4 Medium
SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft
CVE-2022-4282 1 Jrecms 1 Springbootcms 2024-08-03 4.7 Medium
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability.