Vulnerability Details CVE-2022-27360
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://forum.butian.net/share/1089
- https://gitee.com/smallc/SpringBlade/blob/master/blade-service/blade-user/src/main/java/org/springblade/system/user/mapper/UserMapper.xml
- https://saber.bladex.vip/#/login
- https://forum.butian.net/share/1089
- https://gitee.com/smallc/SpringBlade/blob/master/blade-service/blade-user/src/main/java/org/springblade/system/user/mapper/UserMapper.xml
- https://saber.bladex.vip/#/login
Products affected by CVE-2022-27360
-
cpe:2.3:a:bladex:springblade:3.2.0