CVE-2024-6680 | witmy my-springsecurity-plus up to 2024-07-04 /api/dept/build params.dataScope sql injection (IAAH8A)

Inserito da Angelo Barbosa | Lug 11, 2024 | CVE

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection.

This vulnerability is known as CVE-2024-6680. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-6680 | witmy my-springsecurity-plus up to 2024-07-04 /api/dept/build params.dataScope sql injection (IAAH8A)

Post correlati

CVE-2024-28167 | SAP Group Reporting Data Collection 1.0.0 Enter Package Data authorization

CVE-2024-30280 | Adobe Acrobat Pro DC AcroForm Annotation out-of-bounds

CVE-2024-37544 | Tobias Conrad Get Better Reviews for WooCommerce Plugin up to 4.0.6 on WordPress authorization

CVE-2023-6272 | Theme My Login 2FA Plugin up to 1.1 on WordPress excessive authentication