CVE-2023-40787

CRITICAL

SpringBlade 3.6.0 - SQL Injection

Title source: llm
STIX 2.1

Description

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.

References (2)

Core 2
Core References
Permissions Required
https://sword.bladex.cn/

Scores

CVSS v3 9.8
EPSS 0.1938
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
bladex/springblade 3.6.0
org.springblade/blade-core-tool Maven
Published Aug 29, 2023
Tracked Since Feb 18, 2026