The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-30T19:01:59

Updated: 2024-08-04T13:37:54.174Z

Reserved: 2020-07-30T00:00:00

Link: CVE-2020-16165

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-30T20:15:12.737

Modified: 2024-11-21T05:06:53.433

Link: CVE-2020-16165

cve-icon Redhat

No data.