Submit #767885: xierongwkhd weimai-wetapp <=1.0.0 SQL Injection

Title: xierongwkhd weimai-wetapp <=1.0.0 SQL Injection
Description: A SQL injection vulnerability exists in the /home/getLikeMovieList endpoint. The cat parameter is passed unsanitized through the controller → service → MyBatis mapper chain without parameterization. SQLMap confirmed exploitability via boolean-based blind and error-based techniques, retrieving the current DB user as root@%.
Source: https://github.com/xierongwkhd/weimai-wetapp/issues/49
User: ZAST.AI (UID 87884)
Submission: 26/02/2026 04:22 (3 months ago)
Moderation: 11/03/2026 13:33 (13 days later)
Status: Accepted
VulDB entry: 350387 [xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Endpoint HomeController.java getLikeMovieList cat SQL injection]
Points: 19