CVE-2025-28198

Published April 15th, 2025

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.

Hitout/carsale

spring boot + Vue 实现汽车销售管理系统

GitHub

160