Positive Tech ‘Working’ the CVEs
The most interesting vulnerabilities

🐛 CVE-2024-37896, discovered in Gin-vue-admin before 2.6.6, leads to SQL injection. The problem was that an attacker could inject arbitrary SQL code into the order parameter of an HTTP request when accessing the /api/sysExportTemplate/exportExcel endpoint. The fix added checks to ensure that the value of the order parameter is correct before…
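
The kind of check described above, sketched in Go as an added example (not code from Gin-vue-admin or its patch): a client-supplied order value is parsed and rebuilt only from allowlisted tokens, because an ORDER BY identifier cannot be bound as a query parameter. The function name buildOrderBy and the column names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// allowedOrderColumns is a constructed allowlist; the real column names of
// the exported table are not given on the page.
var allowedOrderColumns = map[string]bool{"id": true, "name": true, "created_at": true}

var errBadOrder = errors.New("invalid order parameter")

// buildOrderBy (hypothetical helper) turns a value such as "name desc" into
// an ORDER BY fragment. Nothing from the request is copied into the result:
// the column must match the allowlist and the direction must be ASC or DESC.
func buildOrderBy(order string) (string, error) {
	fields := strings.Fields(order)
	if len(fields) == 0 || len(fields) > 2 {
		return "", errBadOrder
	}
	col := strings.ToLower(fields[0])
	if !allowedOrderColumns[col] {
		return "", errBadOrder
	}
	dir := "ASC"
	if len(fields) == 2 {
		switch strings.ToUpper(fields[1]) {
		case "ASC":
		case "DESC":
			dir = "DESC"
		default:
			return "", errBadOrder
		}
	}
	return col + " " + dir, nil
}

func main() {
	// Constructed inputs: two well-formed values and three that are rejected.
	for _, in := range []string{"name desc", "ID", "id, other", "password asc", "id sideways"} {
		clause, err := buildOrderBy(in)
		fmt.Printf("%q -> %q, err=%v\n", in, clause, err)
	}
}
```

The caller appends the returned fragment to the query only when the error is nil; a rejected value should fail the request rather than fall back to the raw input.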
