CVE-2020-16165

SQL Injection in maven/org.springblade/blade-core-log

Identifiers

CVE-2020-16165

Package Slug

maven/org.springblade/blade-core-log

Vulnerability

SQL Injection

Description

The DAO/DTO implementation in SpringBlade through allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.

Affected Versions

All versions up to 2.7.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-08-06

source