CVE-2020-16165
maven/org.springblade/blade-core-log
SQL Injection
The DAO/DTO implementation in SpringBlade through allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list
ascs
and desc
parameters.
All versions up to 2.7.1
Unfortunately, there is no solution available yet.
2020-08-06
source |