| Title | xierongwkhd weimai-wetapp <=1.0.0 SQL Injection |
|---|---|
| Description | A SQL injection vulnerability exists in the `/home/getLikeMovieList` endpoint. The `cat` parameter is passed unsanitized through the controller → service → MyBatis mapper chain without parameterization. SQLMap confirmed exploitability via boolean-based blind and error-based techniques, retrieving the current DB user as `root@%`. |
| Source | https://github.com/xierongwkhd/weimai-wetapp/issues/49 |
| User | ZAST.AI (UID 87884) |
| Submission | 2026. 02. 26. AM 04:22 (3 months ago) |
| Moderation | 2026. 03. 11. PM 01:33 (13 days later) |
| Status | Accepted |
| VulDB entry | 350387 [xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Endpoint HomeController.java getLikeMovieList cat SQL injection] |
| Points | 19 |