Submission #579069: MTA Maita Training System v4.5 SQL Injection Vulnerability (Info)

Title: MTA Maita Training System v4.5 SQL Injection Vulnerability

Description:

1. Vulnerability name: MTA Maita training system has SQL injection vulnerability
2. Vulnerability level: High risk
3. Bug submitter and contributor: caichaoxiong
4. Vulnerability affected version: v4.5
5. Vulnerability description: In MTA Maita training system v4.5, due to a security defect in the interface, data submitted by users is passed to the back-end service for a database query without effective security filtering. As a result, the transmitted data is executed as part of the SQL query, which allows data to be queried arbitrarily and can cause serious consequences such as data leakage.
6. Vendor information: MTA Maita training system is a comprehensive online education platform independently developed by Dalian Dongke Software Engineering Co., Ltd., which aims to solve the time and space limitations and single teaching methods of traditional training through Internet technology. The system integrates training management, online learning, test evaluation and resource integration functions, and has served more than 5,000 enterprises and educational institutions, with more than 100,000 registered users.
7. Vulnerability fix: Prepared statements are one of the most effective ways to prevent and mitigate SQL injection. By using PreparedStatement, you can ensure that the parameters in the SQL query are processed correctly, rather than passing the user's malicious SQL directly into the query statement that the back end executes.
Source: ⚠️ https://wx.mail.qq.com/s?k=oVXdxVkeZQAlUQwVe2
User: caichaoxiong (UID 84060)
Submitted: 2025-05-16 09:28 (11 months ago)
Moderation: 2025-05-25 15:24 (9 days later)
Status: Accepted
VulDB entry: 310258 [llisoft MTA Maita Training System 4.5 AdminShitiController.java AdminShitiListRequestVo stTypeIds SQL injection]
Points: 17
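
The fix named in item 7, applied to a list-valued parameter such as stTypeIds, shown as an added example (not code from the vendor or the submitter). It assumes stTypeIds arrives as a comma-separated list of numeric ids; the class name and the table and column names are hypothetical.

```java
import java.sql.*;
import java.util.*;

// Assumptions: stTypeIds is a comma-separated list of numeric ids; the table
// and column names (shiti, st_type_id, title) are hypothetical.
public class StTypeIdsQuery {
    // Accept only plain decimal integers; reject anything else outright.
    static List<Long> parseIds(String raw) {
        List<Long> ids = new ArrayList<>();
        if (raw == null || raw.trim().isEmpty()) return ids;
        for (String part : raw.split(",")) {
            String p = part.trim();
            if (!p.matches("[0-9]{1,18}")) {
                throw new IllegalArgumentException("invalid id in stTypeIds");
            }
            ids.add(Long.parseLong(p));
        }
        return ids;
    }

    // One "?" per id: only placeholders are concatenated, never values.
    static String buildSql(int n) {
        return "SELECT id, title FROM shiti WHERE st_type_id IN ("
             + String.join(",", Collections.nCopies(n, "?")) + ")";
    }

    static List<String> listTitles(Connection conn, String stTypeIds) throws SQLException {
        List<Long> ids = parseIds(stTypeIds);
        List<String> titles = new ArrayList<>();
        if (ids.isEmpty()) return titles; // "IN ()" is not valid SQL
        try (PreparedStatement ps = conn.prepareStatement(buildSql(ids.size()))) {
            for (int i = 0; i < ids.size(); i++) ps.setLong(i + 1, ids.get(i));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) titles.add(rs.getString("title"));
            }
        }
        return titles;
    }

    public static void main(String[] args) {
        System.out.println(buildSql(parseIds("3, 7,12").size())); // constructed input
        try {
            parseIds("7, 12x"); // constructed non-numeric input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A list parameter is the case where string concatenation is most tempting, because JDBC has no single placeholder for a whole IN list; generating one placeholder per element keeps every value bound rather than spliced into the statement text.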
