CVE-2021-28890
EUVD-2021-1554312.08.2021, 22:15
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| j2eefast | j2eefast | 2.2.1 |
𝑥
= Vulnerable software versions