Cyvk

Rank: #17579 of 53,622
Total CVSS: 15.3
Vulnerabilities: 2 (Medium: 1, Critical: 1)
PT-2023-27638
5.3
2023-09-18
Unknown · Springblade · CVE-2023-40788
**Name of the Vulnerable Software and Affected Versions**
SpringBlade versions <=V3.6.0

**Description**
The issue is related to Incorrect Access Control due to an incorrect configuration in the default gateway, resulting in unauthorized access to error logs.

**Recommendations**
For SpringBlade versions <=V3.6.0, update to a version later than V3.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the default gateway to minimize the risk of exploitation.
PT-2023-8132
10
2023-08-29
Unknown · Springblade · CVE-2023-40787
**Name of the Vulnerable Software and Affected Versions**
SpringBlade version 3.6.0

**Description**
The issue is related to the lack of protection against SQL query structure exploitation, allowing a remote attacker to execute arbitrary SQL queries. Specifically, in SpringBlade, when executing SQL queries, the parameters submitted by the user are not wrapped in quotation marks, leading to SQL injection.

**Recommendations**
For SpringBlade version 3.6.0, consider disabling the execution of user-submitted SQL queries until a patch is available, or ensure that all user-submitted parameters are properly sanitized and wrapped in quotation marks to prevent SQL injection.