Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in com/inxedu/os/edu/controller/user/UserController.java), where courseFavoritesService.deleteCourseFavoritesById is mishandled during use of MyBatis. NOTE: UserController.java has a spelling variation in an annotation: a @RequestMapping("/deleteFaveorite/{ids}") line followed by a "public ModelAndView deleteFavorite" line.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
inxedu SQL injection vulnerability
Vulnerability Description
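inxedu is an open-source online education platform from the Chinese company 因酷时代 (inxedu) Technology. The platform includes an online school system, a live-streaming system, an examination system, a community system, a marketing website, and more. inxedu 2018-12-24 and earlier versions contain a SQL injection vulnerability, which stems from the program mishandling courseFavoritesService.deleteCourseFavoritesById when using MyBatis. A remote attacker can exploit this vulnerability to disclose information.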
CVSS Information
N/A
Vulnerability Type
N/A