2023-08-29 00:00:00
mitre
PUBLISHED
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.