Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
Advisories for Maven/Org.springblade/Blade-Core-Tool package
2023