| 제목 | xierongwkhd weimai-wetapp <=1.0.0 SQL Injection |
|---|
| 설명 | A SQL injection vulnerability exists in the /admin/auser/getAdmins endpoint. The keyword parameter is passed unsanitized
through the controller → service → MyBatis mapper chain, allowing attackers to inject arbitrary SQL. SQLMap confirmed
exploitability via boolean-based blind and error-based techniques, retrieving the current DB user as root@%. |
|---|
| 원천 | ⚠️ https://github.com/xierongwkhd/weimai-wetapp/issues/48 |
|---|
| 사용자 | ZAST.AI (UID 87884) |
|---|
| 제출 | 2026. 02. 26. AM 04:16 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 11. PM 01:33 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 350386 [xierongwkhd weimai-wetapp 까지 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Admin_AdminUserController.java getAdmins keyword SQL 주입] |
|---|
| 포인트들 | 19 |
|---|