| عنوان | Mini-Tmall当前版本存在SQL注入 |
|---|
| الوصف | https://gitee.com/project_team/Tmall_demo
Mini-Tmall开源项目是一个基于Spring Boot的迷你天猫商城,快速部署运行,适合作为毕设模板 所用技术:Spring Boot/MySQL/Druid/Log4j2/Maven/Echarts/Bootstrap
Mini-Tmall开源项目中发现了一个被归类为严重的漏洞,在前台/produce路径,对参数orderby的操作导致 sql 注入。详细请在链接中查看
The Mini-Tmall open source project is a mini Tmall marketplace based on Spring Boot, which is quickly deployed and run, suitable as a template for the design of the technology used: Spring Boot/MySQL/Druid/Log4j2/Maven/Echarts/Bootstrap
A vulnerability classified as critical was found in the Mini-Tmall open source project where manipulation of the parameter orderby in the foreground/produce path resulted in SQL injection.Please check the link for details |
|---|
| المصدر | ⚠️ https://github.com/FFR66/Mini-Tmall_SQL/blob/main/README.md |
|---|
| المستخدم | fkalis (UID 52531) |
|---|
| ارسال | 11/08/2023 10:56 AM (3 سنوات منذ) |
|---|
| الاعتدال | 20/08/2023 09:06 AM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 237566 [Mini-Tmall حتى 20230811 1?test=1&test2=2& orderBy حقن SQL] |
|---|
| النقاط | 20 |
|---|