Small Chill

2 exploits | Active since Jul 2020
CVE-2020-16165 | CRITICAL | WRITEUP
SpringBlade < 2.7.1 - SQL Injection via ORDER BY Clause in Log API
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
CVSS 9.8
CVE-2025-70983 | CRITICAL | WRITEUP
SpringBlade 4.5.0 - Privilege Escalation via Incorrect Access Control in authRoutes
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
CVSS 9.9