SQL Injection Vulnerability in SpringBlade V3.6.0

CVE-2023-40787 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.