CVE-2020-16165

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
References
Link Resource
https://github.com/chillzhuang/SpringBlade/issues/9 Exploit Issue Tracking
https://gitee.com/smallc/SpringBlade Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:springblade_project:springblade:*:*:*:*:*:*:*:*

Information

Published : 2020-07-30 08:15

Updated : 2020-08-05 02:13


NVD link : CVE-2020-16165

Mitre link : CVE-2020-16165

Products Affected
No products.
CWE