CVE-2021-28890
12.08.2021, 22:15
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.| Vendor | Product | Version |
|---|---|---|
| j2eefast | j2eefast | 2.2.1 |
𝑥
= Vulnerable software versions