Описание
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component
SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.
Пакеты
Наименование
com.vip.saturn:saturn-console
maven
Затронутые версииВерсия исправления
<= 3.5.1
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
10 месяцев назад
SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.