| Titel | Mini-Tmall当前版本存在SQL注入 |
|---|
| Beschreibung | https://gitee.com/project_team/Tmall_demo
Mini-Tmall开源项目是一个基于Spring Boot的迷你天猫商城,快速部署运行,适合作为毕设模板 所用技术:Spring Boot/MySQL/Druid/Log4j2/Maven/Echarts/Bootstrap
Mini-Tmall开源项目中发现了一个被归类为严重的漏洞,在前台/produce路径,对参数orderby的操作导致 sql 注入。详细请在链接中查看
The Mini-Tmall open source project is a mini Tmall marketplace based on Spring Boot, which is quickly deployed and run, suitable as a template for the design of the technology used: Spring Boot/MySQL/Druid/Log4j2/Maven/Echarts/Bootstrap
A vulnerability classified as critical was found in the Mini-Tmall open source project where manipulation of the parameter orderby in the foreground/produce path resulted in SQL injection.Please check the link for details |
|---|
| Quelle | ⚠️ https://github.com/FFR66/Mini-Tmall_SQL/blob/main/README.md |
|---|
| Benutzer | fkalis (UID 52531) |
|---|
| Einreichung | 11.08.2023 10:56 (vor 3 Jahren) |
|---|
| Moderieren | 20.08.2023 09:06 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 237566 [Mini-Tmall bis 20230811 1?test=1&test2=2& orderBy SQL Injection] |
|---|
| Punkte | 20 |
|---|