Enviar #86554: JFinalOA has sql injectioninformación

TítuloJFinalOA has sql injection
DescripciónThe product from https://gitee.com/glorylion/JFinalOA. The vulnerability is in src/main/java/com/pointlion/mvc/common/model/SysOrg.java. Code: String sql = "select * from sys_org m where m.parent_id='"+id+"' "; if(StrKit.notBlank(type)){ sql = sql + " and m.type='"+type+"' "; } sql = sql + " order by m.sort"; return SysOrg.dao.find(sql); The attacker can use the SQL injection vulnerability to obtain database information. url:/admin/sys/org/getOrgTree?orgid=xxx
Fuente⚠️ https://github.com/skisw/Vul/blob/main/vuloa
Usuario
 amazingday (UID 40512)
Sumisión2023-02-09 07:43 (hace 3 años)
Moderación2023-02-09 11:59 (4 hours later)
EstadoAceptado
Entrada de VulDB220469 [glorylion JFinalOA 1.0.2 SysOrg.java ID inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!