Vulnerability — CVE-2021-38239

CVE-2021-38239

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-38239
Description:: SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
Last updated date:: 02/23/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/23/2023
Reference url to background: https://github.com/dataease/dataease/issues/510