The name of an affected Product: J2EEFAST - v2.7.0
fixed version: J2EEFAST - v2.7.0
Vendor of the product: https://www.j2eefast.com/
The CVE ID for the entry: CVE-2024-35086
A prose description: J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml.
Vulnerability Type: SQL injection
Impact: SQL injection
Root Cause: `findPage` function in BpmTaskFromMapper.xml
<com.j2eefast.flowable.bpm.controller.ProcessInstanceController: com.j2eefast.common.core.utils.ResponseData list(java.util.Map)>
<com.j2eefast.flowable.bpm.service.impl.FlowableProcessInstanceServiceImpl: com.j2eefast.common.core.utils.PageUtil findPage(java.util.Map)>
<com.j2eefast.flowable.bpm.mapper.ProcessInstanceMapper: com.baomidou.mybatisplus.extension.plugins.pagination.Page findPage(com.baomidou.mybatisplus.core.metadata.IPage,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>