You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recently, our team has identified a security vulnerability that has led to SQL injection issues in the latest version of the project, which could result in severe information leakage risks.
The vulnerability entry is located in the method at src/main/java/com/youlai/mall/pms/controller/app/SpuController.java#32.
The developers, when operating SQL statements through the method at src/main/java/com/youlai/mall/pms/mapper/PmsSpuMapper.java#32,
concatenate the input queryParams parameter to ${queryParams.sortField} ${queryParams.sort}, which means that attackers can control the queryParams parameter to carry out SQL injection attacks.
The text was updated successfully, but these errors were encountered:
Recently, our team has identified a security vulnerability that has led to SQL injection issues in the latest version of the project, which could result in severe information leakage risks.
The vulnerability entry is located in the method at src/main/java/com/youlai/mall/pms/controller/app/SpuController.java#32.
The developers, when operating SQL statements through the method at src/main/java/com/youlai/mall/pms/mapper/PmsSpuMapper.java#32,
concatenate the input queryParams parameter to ${queryParams.sortField} ${queryParams.sort}, which means that attackers can control the queryParams parameter to carry out SQL injection attacks.
The text was updated successfully, but these errors were encountered: