CVE-2023-47458
https://notcve.org/view.php?id=CVE-2023-47458
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of a permissions control framework.
References: http://springblade.com https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a https://gitee.com/smallc/SpringBlade
CWE-862: Missing Authorization
CVE-2023-40788
https://notcve.org/view.php?id=CVE-2023-40788
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway, resulting in unauthorized access to error logs.
References: https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7 https://github.com/chillzhuang/SpringBlade https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java
CWE-668: Exposure of Resource to Wrong Sphere
CVE-2023-40787
https://notcve.org/view.php?id=CVE-2023-40787
In SpringBlade V3.6.0, when executing an SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
References: https://gist.github.com/kaliwin/9d6cf58bb6ec06765cdf7b75e13ee460 https://sword.bladex.cn
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')