PT-2023-8132 · Unknown · Springblade
Cyvk · Published 2023-08-29 · Updated 2024-01-07 · CVE-2023-40787

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SpringBlade version 3.6.0

Description: The vulnerability stems from missing protection against manipulation of SQL query structure, allowing a remote attacker to execute arbitrary SQL queries. Specifically, when SpringBlade builds SQL queries, user-submitted parameters are inserted into the query text without being wrapped in quotation marks, so the input is parsed as part of the SQL statement rather than treated as a value, leading to SQL injection.

Recommendations: For SpringBlade version 3.6.0, consider disabling the execution of user-submitted SQL queries until a patch is available, or ensure that all user-submitted parameters are properly sanitized and wrapped in quotation marks to prevent SQL injection.
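The following is an added, language-neutral illustration of the defect class described above and of how the "sanitize" recommendation should be carried out; it is not SpringBlade's code (SpringBlade is a Java project) and the users table, rows and function names are constructed for this example. It uses Python's built-in SQLite driver so it runs offline. The point for defenders: splicing an unquoted parameter into query text lets the input change the statement's structure, and wrapping the value in quotes only moves the problem, since an embedded quote closes the literal. The robust form of "properly sanitized" is type validation plus bound parameters, which send the value as data rather than as SQL.

```python
import sqlite3

# Constructed in-memory sample data; the "users" table is an assumption, not SpringBlade's schema.
SAMPLE_ROWS = [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_by_id_unquoted(conn, user_id):
    """Vulnerable pattern from the advisory: the raw parameter is spliced into the
    SQL text without quotes, so it is parsed as SQL rather than treated as a value."""
    sql = "SELECT id, name, role FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def find_by_name_quoted(conn, name):
    """Still vulnerable: wrapping the value in quotes does not neutralise an
    embedded quote, which closes the literal and leaves the rest as SQL."""
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_id_safe(conn, user_id):
    """Fixed: validate the expected type, then pass the value as a bound parameter.
    Non-integer input is rejected instead of reaching the SQL engine."""
    try:
        numeric_id = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("user_id must be an integer")
    return conn.execute(
        "SELECT id, name, role FROM users WHERE id = ?", (numeric_id,)
    ).fetchall()


def find_by_name_safe(conn, name):
    """Fixed: the bound parameter is transmitted as data; quotes inside it are
    ordinary characters and cannot alter the statement's structure."""
    return conn.execute(
        "SELECT id, name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(find_by_id_unquoted(db, "2"))            # one row, as intended
    print(find_by_id_unquoted(db, "2 OR 1=1"))     # every row: input changed the query structure
    print(find_by_name_quoted(db, "' OR '1'='1"))  # every row: quoting alone did not help
    print(find_by_name_safe(db, "' OR '1'='1"))    # []: the input is treated as a literal name
    print(find_by_id_safe(db, "2"))                # one row via a bound parameter
```

When reviewing a fix for this class of issue, look for the bound-parameter form (a `?` or named placeholder with the value passed separately) rather than for added quotes or escaping in string concatenation; the latter is the pattern the second function shows to be insufficient.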

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-00111
CVE-2023-40787
GHSA-62PR-54GV-VG5G

Affected Products

Springblade