Submeter #56388: DocSys getReposAllUsers.do 'searchWord' parameter exist sql injection vulnerability.informação

Título	DocSys getReposAllUsers.do 'searchWord' parameter exist sql injection vulnerability.
Descrição	A sql injection vulnerability was found in the DocSys project. Project address: https://gitee.com/RainyGao/DocSys.git https://github.com/RainyGao-GitHub/DocSys Vulnerable xml files: https://gitee.com/RainyGao/DocSys/blob/master/src/com/DocSystem/mapping/ReposAuthMapper.xml It is found that 'queryReposMemberWithParamLike' uses '${}' for the incoming parameters without precompilation. details: https://gitee.com/RainyGao/DocSys/issues/I65QEE
Fonte	⚠️ https://gitee.com/RainyGao/DocSys/issues/I65QEE
Utilizador	archvitio (UID 37313)
Submissão	12/12/2022 04h14 (há 4 anos)
Moderação	12/12/2022 07h39 (3 hours later)
Estado	Aceite
Entrada VulDB	215278 [RainyGao DocSys getReposAllUsers.do getReposAllUsers searchWord/reposId Injeção SQL]
Pontos	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!