CVE-2023-40787 Information
Sep 01, 2023
cve
Description
In SpringBlade V3.6.0 when executing SQL query the parameters submitted by the user are not wrapped in quotation marks which leads to SQL injection.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://gist.github.com/kaliwin/9d6cf58bb6ec06765cdf7b75e13ee460 https://sword.bladex.cn/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: