CVE-2024-6681 | witmy my-springsecurity-plus up to 2024-07-04 /api/dept params.dataScope sql injection (IAAGZY)

Inserito da Angelo Barbosa | Lug 11, 2024 | CVE

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection.

This vulnerability is handled as CVE-2024-6681. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-6681 | witmy my-springsecurity-plus up to 2024-07-04 /api/dept params.dataScope sql injection (IAAGZY)

Post correlati

CVE-2023-4503 | eap-galleon http-invoker Privilege Escalation

CVE-2024-47659 | Linux Kernel up to 6.10.8 IPv4 improper authorization

CVE-2024-32133 | Michael Schuppenies EZ Form Calculator Plugin up to 2.14.0.3 on WordPress cross site scripting

CVE-2023-6438 | IceCMS 2.0.1 Like /WebArticle/articles/ improper enforcement of a single, unique action