CVE-2024-6679

MEDIUM

my-springsecurity-plus <2024-07-04 - SQL Injection

Title source: llm

Description

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271152.

Exploits (1)

gitee 826 stars

by witmy · javawriteup

https://gitee.com/witmy/my-springsecurity-plus/issues/IAAHCR

References (3)

[Issue Tracking] https://gitee.com/witmy/my-springsecurity-plus/issues/IAAHCR

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.271152

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.271152

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 12.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89

Status published

Products (1)

witmy/my-springsecurity-plus < 2024-07-04

Published Jul 11, 2024

Tracked Since Feb 18, 2026