Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Bladex Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-8023 1 Bladex 1 Springblade 2025-06-04 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2020-16165 1 Bladex 1 Springblade 2025-06-03 7.5 HIGH 9.8 CRITICAL
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
CVE-2024-33332 1 Bladex 1 Springblade 2025-06-03 N/A 7.5 HIGH
An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.
CVE-2023-47458 1 Bladex 1 Springblade 2025-04-17 N/A 9.8 CRITICAL
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.
CVE-2023-40788 1 Bladex 1 Springblade 2024-11-21 N/A 5.3 MEDIUM
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs
CVE-2023-40787 1 Bladex 1 Springblade 2024-11-21 N/A 9.8 CRITICAL
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
CVE-2022-27360 1 Bladex 1 Springblade 2024-11-21 7.5 HIGH 9.8 CRITICAL
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.