The name of an affected Product: J2EEFAST - v2.7.0
fixed version: J2EEFAST - v2.7.0
Vendor of the product: https://www.j2eefast.com/
The CVE ID for the entry: CVE-2024-33153
A prose description: The `commetList()` function of `com.j2eefast.framework.sys.controller.SysMsgPushController` (return type `com.j2eefast.common.core.utils.ResponseData`) in J2EEFAST does not filter the `sql_filter` parameter, so an attacker can pass a malicious payload into the `findPage` function in SysMsgCommentsMapper.xml, resulting in SQL injection.
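
One way to apply the missing filter is to allow-list the `sql_filter` value before the request parameters reach the mapper. This is an added example, not J2EEFAST code: the class `SqlFilterGuard`, its `sanitize()` method, and the accepted fragment grammar are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example, not J2EEFAST code. SqlFilterGuard and sanitize() are hypothetical names.
public class SqlFilterGuard {
    private static final String KEY = "sql_filter";
    private static final int MAX_LEN = 256;

    // Assumption: a legitimate fragment is zero or more conditions of the form
    // "AND [alias.]column = <number>" or "AND [alias.]column IN (<number>, ...)".
    private static final Pattern SAFE_FRAGMENT = Pattern.compile(
        "(?i)(\\s*AND\\s+[a-z_][a-z0-9_]*(\\.[a-z_][a-z0-9_]*)?\\s*"
        + "(=\\s*\\d+|IN\\s*\\(\\s*\\d+(\\s*,\\s*\\d+)*\\s*\\)))*\\s*");

    /** Returns a copy of the request parameters, or throws if sql_filter is not allow-listed. */
    public static Map<String, Object> sanitize(Map<String, Object> requestParams) {
        Map<String, Object> checked = new LinkedHashMap<>(requestParams);
        Object raw = checked.get(KEY);
        if (raw == null) {
            return checked; // parameter absent: nothing to validate
        }
        String fragment = raw.toString();
        // matches() must consume the whole string, so any trailing text causes rejection.
        if (fragment.length() > MAX_LEN || !SAFE_FRAGMENT.matcher(fragment).matches()) {
            throw new IllegalArgumentException("rejected " + KEY + " parameter");
        }
        return checked;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the advisory.
        String[] samples = {
            "AND c.comp_id IN (1, 2, 3)",
            "AND id = 1 OR 1 = 1"
        };
        for (String s : samples) {
            Map<String, Object> params = new LinkedHashMap<>();
            params.put(KEY, s);
            try {
                sanitize(params);
                System.out.println("accepted: " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s);
            }
        }
    }
}
```

If the application never needs `sql_filter` from the client, removing the key from request parameters outright is the stricter option.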