| Titolo | Mini-Tmall 2024.09.01 SQL Injection |
|---|
| Descrizione | # Description of the vulnerability
Mini-Tmall is a mini Tmall mall based on Spring Boot, which can be quickly deployed and run, and is suitable as a template for completion.
In the tmall/admin/order/1/1?orderBy=1 version of Mini-Tmall v2024.09.01 and earlier versions of Mini-Tmall v2024.09.01, an SQL injection vulnerability exists because the application lacks validation of external input SQL statements, and an attacker can execute illegal SQL commands to obtain sensitive database data.
# System situation
## version
Before September 1, 2024
## Project address
[https://gitee.com/project_team/Tmall_demo](https://gitee.com/project_team/Tmall_demo)
## Affected parameters:
orderBy
More details are connected below:
https://gitee.com/A0kooo/cve_article/blob/master/Mini-Tmall/Tmall_demo%20OrderController.java%20SQL%20Injection.md |
|---|
| Fonte | ⚠️ https://gitee.com/A0kooo/cve_article/blob/master/Mini-Tmall/Tmall_demo%20OrderController.java%20SQL%20Injection.md |
|---|
| Utente | 0kooo (UID 73212) |
|---|
| Sottomissione | 01/09/2024 09:20 (2 anni fa) |
|---|
| Moderazione | 07/09/2024 08:25 (6 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 276798 [Mini-Tmall fino a 20240901 tmall/admin/order/1/1 rewardMapper.select orderBy iniezione SQL] |
|---|
| Punti | 20 |
|---|