Invia #56388: DocSys getReposAllUsers.do 'searchWord' parameter exist sql injection vulnerability.informazioni

TitoloDocSys getReposAllUsers.do 'searchWord' parameter exist sql injection vulnerability.
DescrizioneA sql injection vulnerability was found in the DocSys project. Project address: https://gitee.com/RainyGao/DocSys.git https://github.com/RainyGao-GitHub/DocSys Vulnerable xml files: https://gitee.com/RainyGao/DocSys/blob/master/src/com/DocSystem/mapping/ReposAuthMapper.xml It is found that 'queryReposMemberWithParamLike' uses '${}' for the incoming parameters without precompilation. details: https://gitee.com/RainyGao/DocSys/issues/I65QEE
Fonte⚠️ https://gitee.com/RainyGao/DocSys/issues/I65QEE
Utente
 archvitio (UID 37313)
Sottomissione12/12/2022 04:14 (4 anni fa)
Moderazione12/12/2022 07:39 (3 hours later)
StatoAccettato
Voce VulDB215278 [RainyGao DocSys getReposAllUsers.do getReposAllUsers searchWord/reposId iniezione SQL]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!