Submit #86554: JFinalOA has sql injection

Title: JFinalOA has sql injection
Description: The product is from https://gitee.com/glorylion/JFinalOA. The vulnerability is in src/main/java/com/pointlion/mvc/common/model/SysOrg.java.

Code:

    // id and type are concatenated directly into the SQL text
    String sql = "select * from sys_org m where m.parent_id='"+id+"' ";
    if(StrKit.notBlank(type)){
        sql = sql + " and m.type='"+type+"' ";
    }
    sql = sql + " order by m.sort";
    return SysOrg.dao.find(sql);

The attacker can use the SQL injection vulnerability to obtain database information.

URL: /admin/sys/org/getOrgTree?orgid=xxx
Source: https://github.com/skisw/Vul/blob/main/vuloa
User: amazingday (UID 40512)
Submission: 02/09/2023 07:43 (3 years ago)
Moderation: 02/09/2023 11:59 (4 hours later)
Status: Accepted
VulDB entry: 220469 [glorylion JFinalOA 1.0.2 SysOrg.java ID sql injection]
Points: 20
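
One way to remediate the query quoted in the description, shown as an added example (not code from JFinalOA or from the submission): the same statement built with `?` placeholders so that `id` and `type` travel as bound values instead of SQL text. The class and method names are hypothetical, and executing the result assumes JFinal's `Model.find(String sql, Object... paras)` overload.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class OrgQueryExample {

    /** SQL text plus the values to bind to its '?' placeholders. */
    static final class Query {
        final String sql;
        final Object[] paras;
        Query(String sql, Object[] paras) { this.sql = sql; this.paras = paras; }
    }

    // Hypothetical helper: builds the same query as the SysOrg.java excerpt,
    // but keeps id and type out of the SQL string entirely.
    static Query childrenOf(String id, String type) {
        StringBuilder sql =
            new StringBuilder("select * from sys_org m where m.parent_id = ?");
        List<Object> paras = new ArrayList<>();
        paras.add(id);
        // Same role as StrKit.notBlank(type) in the original code.
        if (type != null && !type.trim().isEmpty()) {
            sql.append(" and m.type = ?");
            paras.add(type);
        }
        sql.append(" order by m.sort");
        return new Query(sql.toString(), paras.toArray());
    }

    public static void main(String[] args) {
        // Constructed input: a value containing a quote character.
        Query q = childrenOf("a'b", "1");
        // The SQL text is identical for every input; only the bound values vary.
        System.out.println(q.sql);
        System.out.println(Arrays.toString(q.paras));
        // Inside the model this would be executed as (assumed JFinal overload):
        //   return SysOrg.dao.find(q.sql, q.paras);
    }
}
```

Because the statement text no longer depends on request parameters, a quote in `orgid` is compared as data against `parent_id` rather than parsed as SQL.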
