Отправить #56388: DocSys getReposAllUsers.do 'searchWord' parameter exist sql injection vulnerability.Информация

Название	DocSys getReposAllUsers.do 'searchWord' parameter exist sql injection vulnerability.
Описание	A sql injection vulnerability was found in the DocSys project. Project address: https://gitee.com/RainyGao/DocSys.git https://github.com/RainyGao-GitHub/DocSys Vulnerable xml files: https://gitee.com/RainyGao/DocSys/blob/master/src/com/DocSystem/mapping/ReposAuthMapper.xml It is found that 'queryReposMemberWithParamLike' uses '${}' for the incoming parameters without precompilation. details: https://gitee.com/RainyGao/DocSys/issues/I65QEE
Источник	⚠️ https://gitee.com/RainyGao/DocSys/issues/I65QEE
Пользователь	archvitio (UID 37313)
Представление	12.12.2022 04:14 (4 лет назад)
Модерация	12.12.2022 07:39 (3 hours later)
Статус	принято
Запись VulDB	215278 [RainyGao DocSys getReposAllUsers.do getReposAllUsers searchWord/reposId SQL-инъекция]
Баллы	20

Interested in the pricing of exploits?

See the underground prices here!