| Title | xierongwkhd weimai-wetapp <=1.0.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability exists in the /admin/auser/getAdmins endpoint. The keyword parameter is passed unsanitized
through the controller → service → MyBatis mapper chain, allowing attackers to inject arbitrary SQL. SQLMap confirmed
exploitability via boolean-based blind and error-based techniques, retrieving the current DB user as root@%. |
|---|
| Source | ⚠️ https://github.com/xierongwkhd/weimai-wetapp/issues/48 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 02/26/2026 04:16 (3 months ago) |
|---|
| Moderation | 03/11/2026 13:33 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 350386 [xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Admin_AdminUserController.java getAdmins keyword sql injection] |
|---|
| Points | 19 |
|---|