CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-28890

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://gitee.com/zhouhuanOGP/J2EEFAST/issues/I3BOFQ
https://gitee.com/zhouhuanOGP/J2EEFAST/issues/I3BOFQ

Products affected by CVE-2021-28890

J2eefast » J2eefast » Version: 2.2.1

cpe:2.3:a:j2eefast:j2eefast:2.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-28890

Products

Pricing

Contact Us