Submit #295972: PandaX PandaX latest sql injectioninfo

TitlePandaX PandaX latest sql injection
Description/apps/system/services/role_menu.go#L31-L53 There is sql statement splicing, and precompilation is not used. Attackers can splice and execute sql injection. https://github.com/PandaXGO/PandaX/issues/4
Source⚠️ https://github.com/PandaXGO/PandaX/issues/4
User
 linyz-tel (UID 44909)
Submission03/10/2024 04:02 (2 years ago)
Moderation03/16/2024 08:10 (6 days later)
StatusAccepted
VulDB entry257061 [PandaXGO PandaX up to 20240310 role_menu.go InsertRole roleKey sql injection]
Points17

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!