Soumettre #596573: xxyopen novel-plus 5.1.3 SQL Injectioninformation

Titrexxyopen novel-plus 5.1.3 SQL Injection
DescriptionA critical SQL injection vulnerability exists in the user management module. The `/list` endpoint, which retrieves a list of system users, unsafely uses string substitution (`${...}`) for the `sort` and `order` parameters within its MyBatis `ORDER BY` clause. This allows any authenticated user who can access this endpoint to execute arbitrary SQL commands. Because the query targets the `sys_user` table, this flaw can be exploited to exfiltrate highly sensitive information, including usernames, email addresses, and password hashes, compromising all user accounts on the system.
La source⚠️ https://blog.0xd00.com/blog/sqli-in-user-list-leads-to-sensitive-data-disclosure
Utilisateur
 bpy9ft (UID 85221)
Soumission13/06/2025 11:38 (il y a 11 mois)
Modérer23/06/2025 16:32 (10 days later)
StatutAccepté
Entrée VulDB313654 [xxyopen/201206030 novel-plus jusqu’à 5.1.3 User Management UserMapper.xml list sort/order injection SQL]
Points20

PrécédentAperçuSuivant

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!