Sweelg

2 exploits Active since Feb 2023

CVE-2023-1454 NOMISEC MEDIUM WORKING POC

jeecg-boot 3.5.0 - SQL Injection via apiSelectId Parameter

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

21 stars

CVSS 6.3

View Code

CVE-2023-23752 NOMISEC MEDIUM WORKING POC

Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

4 stars

CVSS 5.3

View Code