1 results (0.002 seconds)
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26813
https://notcve.org/view.php?id=CVE-2023-26813
28 Apr 2023 — SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. • https://github.com/xnx3/wangmarket/issues/7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •