Submeter #767884: xierongwkhd weimai-wetapp <=1.0.0 SQL Injectioninformação

Títuloxierongwkhd weimai-wetapp <=1.0.0 SQL Injection
DescriçãoA SQL injection vulnerability exists in the /admin/auser/getAdmins endpoint. The keyword parameter is passed unsanitized through the controller → service → MyBatis mapper chain, allowing attackers to inject arbitrary SQL. SQLMap confirmed exploitability via boolean-based blind and error-based techniques, retrieving the current DB user as root@%.
Fonte⚠️ https://github.com/xierongwkhd/weimai-wetapp/issues/48
Utilizador
 ZAST.AI (UID 87884)
Submissão26/02/2026 04h16 (há 4 meses)
Moderação11/03/2026 13h33 (13 days later)
EstadoAceite
Entrada VulDB350386 [xierongwkhd weimai-wetapp até 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Admin_AdminUserController.java getAdmins keyword Injeção SQL]
Pontos19

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!