Bladex Springblade vulnerabilities
9 known vulnerabilities affecting bladex/springblade.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL: 7, HIGH: 1, MEDIUM: 1
Vulnerabilities
CVE-2023-40787 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | Affected: v3.6.0 | Date: 2023-08-29
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
Source: nvd
CVE-2025-70983 | P3 | CRITICAL | CVSS 9.9 | CWE-284 | Affected: v4.5.0 | Date: 2026-01-23
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
Source: nvd
CVE-2025-70982 | P3 | CRITICAL | CVSS 9.9 | CWE-284 | Affected: v4.5.0 | Date: 2026-01-26
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data.
Source: nvd
CVE-2024-8023 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | Affected: ≤ 4.1.0 | Date: 2024-08-21
A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted ea
Source: nvd
CVE-2022-27360 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | Affected: v3.2.0 | Date: 2022-05-05
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
Source: nvd
CVE-2023-47458 | P3 | CRITICAL | CVSS 9.8 | CWE-862 | Affected: ≤ 3.7.0 | Date: 2024-01-02
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.
Source: nvd
CVE-2020-16165 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | Affected: ≤ 2.7.1 | Date: 2020-07-30
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
Source: nvd
CVE-2024-33332 | P3 | HIGH | CVSS 7.5 | CWE-89 | Affected: v3.7.1 | Date: 2024-04-30
An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.
Source: nvd
CVE-2023-40788 | P4 | MEDIUM | CVSS 5.3 | CWE-668 | Affected: ≤ 3.6.0 | Date: 2023-09-19
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs.
Source: nvd