Hello-hao
commented
7 months ago Thank you for raising this vulnerability. I will make improvements in the next version.
Open Tyaoo opened 7 months ago
Hello-hao
commented
7 months ago Thank you for raising this vulnerability. I will make improvements in the next version.
[Suggested description] Tbed was discovered to contain a SQL injection vulnerability via the searchname parameter.
[Vulnerability Type] SQLi
[Vendor of Product] https://github.com/Hello-hao/Tbed
[Affected Product Code Base] v20240111
[Affected Component]
/admin/selectPhoto
[Attack Type] Remote
[Vulnerability details]
[Impact Code execution] true
[Cause of vulnerability] The searchname parameter was used in ${} format which can cause SQL Injection Vulnerability.
That's all, thanks.