The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-30T19:01:59
Updated: 2024-08-04T13:37:54.174Z
Reserved: 2020-07-30T00:00:00
Link: CVE-2020-16165
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-07-30T20:15:12.737
Modified: 2024-11-21T05:06:53.433
Link: CVE-2020-16165
Redhat
No data.