Security Advisory

CVE-2020-16165

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-07-30 19:01:59

Last updated 2024-08-04 13:37:54

Assigner mitre

State PUBLISHED

Description

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.

← Browse all CVEs View on cve.org ↗