Gửi #615210: TDuckCloud tduck-platform 5.1 SQL Injectionthông tin

tiêu đềTDuckCloud tduck-platform 5.1 SQL Injection
Mô tảName: TDuck Platform Version: Community Edition v5.1 Repository: https://gitee.com/TDuckApp/tduck-platform / https://github.com/TDuckCloud/tduck-platform A SQL injection vulnerability exists in TDuck Platform version 5.1 (Community Edition) in the /user/form/data/download/file endpoint via the formKey parameter. The vulnerable parameter is directly concatenated into a SQL statement without proper sanitization or parameterization, leading to arbitrary SQL execution.  The vulnerability can be exploited by authenticated users.  Full technical details and a proof of concept (PoC) are available at: https://github.com/kaixliu56/public_vulns/blob/main/TDuck-sqli.md
Nguồn⚠️ https://github.com/kaixliu56/public_vulns/blob/main/TDuck-sqli.md
Người dùng
 0xc00005 (UID 87052)
Đệ trình13/07/2025 05:34 (cách đây 12 các tháng)
Kiểm duyệt19/07/2025 12:44 (6 days later)
Trạng tháiđược chấp nhận
Mục VulDB317003 [TDuckCloud tduck-platform 5.1 UserFormDataMapper.java UserFormDataMapper formKey Tiêm SQL]
điểm20

TrướcTổng QuanTiếp theo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!