Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mybatis plus SQL注入漏洞
Vulnerability Description
Apache MyBatis是美国阿帕奇(Apache)基金会的一款优秀的持久层框架。支持自定义 SQL、存储过程以及高级映射,免除了几乎所有的 JDBC 代码以及设置参数和获取结果集的工作, 可以通过简单的 XML 或注解来配置和映射原始类型、接口和 Java POJO(Plain Old Java Objects,普通老式 Java 对象)为数据库中的记录。 Mybatis plus 3.5.3.1之前版本存在SQL注入漏洞,攻击者利用该漏洞可以通过tenant ID valuer执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A