Submission #86554: JFinalOA has sql injection
Info

Title: JFinalOA has sql injection
Description: The product is from https://gitee.com/glorylion/JFinalOA. The vulnerability is in src/main/java/com/pointlion/mvc/common/model/SysOrg.java.

Code:

    String sql = "select * from sys_org m where m.parent_id='"+id+"' ";
    if(StrKit.notBlank(type)){
        sql = sql + " and m.type='"+type+"' ";
    }
    sql = sql + " order by m.sort";
    return SysOrg.dao.find(sql);

The attacker can use the SQL injection vulnerability to obtain database information.

URL: /admin/sys/org/getOrgTree?orgid=xxx
Source: ⚠️ https://github.com/skisw/Vul/blob/main/vuloa
User: amazingday (UID 40512)
Submitted: 2023. 02. 09. AM 07:43 (3 years ago)
Moderation: 2023. 02. 09. AM 11:59 (4 hours later)
Status: Accepted
VulDB entry: 220469 [glorylion JFinalOA 1.0.2 SysOrg.java id SQL injection]
Points: 20
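
The query pattern quoted in the description, shown beside a parameterized form, as an added example that is not part of the submission or of the JFinalOA code base. The class `OrgQueryExample`, the `Query` holder and both method names are hypothetical; the blank check stands in for `StrKit.notBlank`, and the commented call assumes JFinal's `find(String sql, Object... paras)` overload.

```java
import java.util.ArrayList;
import java.util.List;

public class OrgQueryExample {

    /** Hypothetical holder: SQL text plus the values bound to its ? placeholders. */
    static final class Query {
        final String sql;
        final List<Object> params;
        Query(String sql, List<Object> params) { this.sql = sql; this.params = params; }
    }

    /** Stand-in for StrKit.notBlank (assumption: non-null and not only whitespace). */
    static boolean notBlank(String s) {
        return s != null && !s.trim().isEmpty();
    }

    /** Pattern from the submission: request values concatenated into the SQL text. */
    static String concatenated(String id, String type) {
        String sql = "select * from sys_org m where m.parent_id='" + id + "' ";
        if (notBlank(type)) {
            sql = sql + " and m.type='" + type + "' ";
        }
        return sql + " order by m.sort";
    }

    /** Hardened form: fixed SQL text, values carried separately as bind parameters. */
    static Query parameterized(String id, String type) {
        List<Object> params = new ArrayList<>();
        StringBuilder sql = new StringBuilder("select * from sys_org m where m.parent_id = ?");
        params.add(id);
        if (notBlank(type)) {
            sql.append(" and m.type = ?");
            params.add(type);
        }
        sql.append(" order by m.sort");
        return new Query(sql.toString(), params);
    }

    public static void main(String[] args) {
        String id = "a'b"; // constructed sample value containing a quote character
        // The quote ends the string literal early, so the value becomes part of the SQL grammar.
        System.out.println(concatenated(id, null));
        // The SQL text is identical for every input; the quote stays inside the bound value.
        Query q = parameterized(id, "dept");
        System.out.println(q.sql + "  params=" + q.params);
        // With JFinal the pair would be passed as: SysOrg.dao.find(q.sql, q.params.toArray());
    }
}
```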
