CVE-2024-46535 Information

Description

Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.

Reference

https://gitee.com/ketr/jepaas-release/issues/IAPJ8H?from=project-issue