Maxkey
Monthly
SQL injection in Dromara MaxKey up to version 3.5.13 allows authenticated remote attackers to execute arbitrary SQL queries via manipulation of the filtersfields argument in the StrUtils.checkSqlInjection function, potentially leading to unauthorized data access, modification, or deletion. The vulnerability requires low-privilege authentication and has publicly available exploit code; the vendor has not responded to early disclosure notifications.
SQL injection in Dromara MaxKey up to version 3.5.13 allows authenticated remote attackers to execute arbitrary SQL queries via manipulation of the filtersfields argument in the StrUtils.checkSqlInjection function, potentially leading to unauthorized data access, modification, or deletion. The vulnerability requires low-privilege authentication and has publicly available exploit code; the vendor has not responded to early disclosure notifications.