| Title | GitHub jfinal_cms 5.1.0 SQL |
|---|---|
| Description | Several controller list() methods build SQL ORDER BY clauses by directly concatenating the orderBy value obtained from getBaseForm().getOrderBy(). Because this value may be controlled by user input and is neither validated nor whitelisted before being appended to the SQL statement, the code is vulnerable to SQL injection. Affected locations and an example of the vulnerable pattern follow the table. |
| Source | https://github.com/jflyfox/jfinal_cms/issues/62 |
| User | 0Xrry (UID 86188) |
| Submission | 20/05/2026 07:56 AM (20 days ago) |
| Moderation | 07/06/2026 11:34 AM (18 days later) |
| Status | Accepted |
| VulDB Entry | 369093 [jflyfox jfinal_cms up to 5.1.0 AdvicefeedbackController.java list orderBy SQL injection] |
| Points | 20 |

Affected locations:

| Controller | Path | Method(s) |
|---|---|---|
| AdvicefeedbackController.java | src/main/java/com/jflyfox/modules/admin/advicefeedback/AdvicefeedbackController.java | list() |
| DepartmentController.java | src/main/java/com/jflyfox/system/department/DepartmentController.java | list() |
| FriendlylinkController.java | src/main/java/com/jflyfox/modules/admin/friendlylink/FriendlylinkController.java | list() |
| ImageShowController.java | src/main/java/com/jflyfox/modules/admin/image/controller/ImageShowController.java | list() and edit() |
| LogController.java | src/main/java/com/jflyfox/system/log/LogController.java | list() |
| ConfigController.java | src/main/java/com/jflyfox/system/config/ConfigController.java | list() |

Issue at every location: direct concatenation of orderBy into the SQL ORDER BY clause.

Example vulnerable pattern:
```java
// Fragment from the affected list() methods; sql is assumed to be the
// StringBuilder that holds the query built so far.
String orderBy = getBaseForm().getOrderBy();   // taken from the request, never validated
if (StrUtils.isEmpty(orderBy)) {
    sql.append(" order by t.id desc ");        // fixed default ordering
} else {
    sql.append(" order by ").append(orderBy);  // request value concatenated into the SQL text
}
```
The application constructs SQL queries dynamically by appending the orderBy parameter directly to the statement. Because the parameter is not sanitized, validated, or restricted to a predefined whitelist of allowed column names and sort directions, an attacker may inject SQL fragments through the orderBy value. This allows manipulation of the executed query, potentially leading to unauthorized data access, data leakage, or further database compromise.
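A hardened replacement for the pattern above, added here as an illustration and not code from jfinal_cms: the client-supplied orderBy is parsed into terms and each term is mapped through an allow-list, so only pre-approved identifiers and directions ever reach the SQL text. The column set, the `t.` alias and the `SafeOrderBy` class name are assumptions; Java 11 or later is assumed.

```java
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class SafeOrderBy {
    // Allow-list: the name a client may send, mapped to the exact SQL identifier
    // that will be emitted (assumed columns for illustration).
    private static final Map<String, String> COLUMNS = Map.of(
            "id", "t.id",
            "create_time", "t.create_time",
            "title", "t.title");
    private static final String DEFAULT = " order by t.id desc ";
    // A term is "<name>" or "<name> asc|desc"; anything else is rejected outright.
    private static final Pattern TERM =
            Pattern.compile("^([a-z_][a-z0-9_]*)(?:\\s+(asc|desc))?$");

    /**
     * Builds the ORDER BY fragment for a sort string such as "create_time desc, id".
     * If any term is malformed or names a column outside the allow-list the whole
     * value is discarded and the default order is used, so no client text is ever
     * concatenated into the query.
     */
    public static String build(String orderBy) {
        if (orderBy == null || orderBy.isBlank()) {
            return DEFAULT;
        }
        StringBuilder out = new StringBuilder(" order by ");
        String[] terms = orderBy.toLowerCase(Locale.ROOT).split(",");
        for (int i = 0; i < terms.length; i++) {
            Matcher m = TERM.matcher(terms[i].trim());
            String column = m.matches() ? COLUMNS.get(m.group(1)) : null;
            if (column == null) {
                return DEFAULT;                      // unknown column or malformed term
            }
            String dir = m.group(2) == null ? "asc" : m.group(2);
            if (i > 0) out.append(", ");
            out.append(column).append(' ').append(dir);
        }
        return out.append(' ').toString();
    }

    public static void main(String[] args) {
        // Constructed inputs, not taken from the issue report.
        System.out.println(build("create_time desc, id")); // " order by t.create_time desc, t.id asc "
        System.out.println(build("password"));             // not sortable: falls back to DEFAULT
        System.out.println(build("id desc; --"));          // malformed term: falls back to DEFAULT
    }
}
```

Because the emitted identifiers come from the map values rather than from the request, the same approach also covers the edit() method in ImageShowController, which the report lists alongside list().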