| 标题 | Mini-Tmall当前版本存在SQL注入 |
|---|
| 描述 | https://gitee.com/project_team/Tmall_demo
Mini-Tmall开源项目是一个基于Spring Boot的迷你天猫商城,快速部署运行,适合作为毕设模板 所用技术:Spring Boot/MySQL/Druid/Log4j2/Maven/Echarts/Bootstrap
Mini-Tmall开源项目中发现了一个被归类为严重的漏洞,在前台/produce路径,对参数orderby的操作导致 sql 注入。详细请在链接中查看
The Mini-Tmall open source project is a mini Tmall marketplace based on Spring Boot, which is quickly deployed and run, suitable as a template for the design of the technology used: Spring Boot/MySQL/Druid/Log4j2/Maven/Echarts/Bootstrap
A vulnerability classified as critical was found in the Mini-Tmall open source project where manipulation of the parameter orderby in the foreground/produce path resulted in SQL injection.Please check the link for details |
|---|
| 来源 | ⚠️ https://github.com/FFR66/Mini-Tmall_SQL/blob/main/README.md |
|---|
| 用户 | fkalis (UID 52531) |
|---|
| 提交 | 2023-08-11 10時56分 (3 年前) |
|---|
| 管理 | 2023-08-20 09時06分 (9 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 237566 [Mini-Tmall 直到 20230811 1?test=1&test2=2& orderBy SQL注入] |
|---|
| 积分 | 20 |
|---|