Submit #56388: DocSys getReposAllUsers.do 'searchWord' parameter exist sql injection vulnerability.info

TitleDocSys getReposAllUsers.do 'searchWord' parameter exist sql injection vulnerability.
DescriptionA sql injection vulnerability was found in the DocSys project. Project address: https://gitee.com/RainyGao/DocSys.git https://github.com/RainyGao-GitHub/DocSys Vulnerable xml files: https://gitee.com/RainyGao/DocSys/blob/master/src/com/DocSystem/mapping/ReposAuthMapper.xml It is found that 'queryReposMemberWithParamLike' uses '${}' for the incoming parameters without precompilation. details: https://gitee.com/RainyGao/DocSys/issues/I65QEE
Source⚠️ https://gitee.com/RainyGao/DocSys/issues/I65QEE
User
 archvitio (UID 37313)
Submission12/12/2022 04:14 (4 years ago)
Moderation12/12/2022 07:39 (3 hours later)
StatusAccepted
VulDB entry215278 [RainyGao DocSys getReposAllUsers.do getReposAllUsers searchWord/reposId sql injection]
Points20

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!