Ku4D3

**Nome do Software Vulnerável e Versões Afetadas** xianrendzw EasyReport versões anteriores a 2.0.17.0522 Beta **Description** Uma falha no componente REST Endpoint permite a execução de SQL injection remota, uma técnica onde instruções SQL maliciosas são inseridas em campos de entrada para execução. O problema existe na função `execute()` quando a variável `reportParams` é manipulada. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.