The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-30T19:01:59
Updated: 2024-08-04T13:37:54.174Z
Reserved: 2020-07-30T00:00:00
Link: CVE-2020-16165
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-07-30T20:15:12.737
Modified: 2020-08-05T14:13:52.340
Link: CVE-2020-16165
Redhat
No data.