Recently, our team found a security vulnerability in the latest version of the project that introduces a risk of SQL injection and, with it, potentially severe information leakage. The vulnerability lies within the method src/main/java/org/springblade/system/user/controller/UserController.java#exportUser.
When building the SQL statement in src/main/java/org/springblade/system/user/mapper/UserMapper.java#exportUser, the developers splice the caller-supplied "ew" parameter directly into the statement "SELECT id, tenant_id, account, name, real_name, email, phone, birthday, role_id, dept_id, post_id FROM blade_user ${ew.customSqlSegment}" through the "${ew.customSqlSegment}" syntax. In MyBatis, "${...}" is a textual substitution performed before the statement is prepared, unlike "#{...}", which binds a parameter, so whatever SQL fragment "ew" carries reaches the database unchanged. An attacker who can control the "ew" parameter can therefore execute SQL injection attacks.
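As an added example (this is not SpringBlade's own code; the class names UserExportMapper and UserExportFilter, the ALLOWED_COLUMNS list and the request shape are assumptions made for the illustration), the snippet below shows a mapper with the same "${ew.customSqlSegment}" shape as the one in the advisory next to two ways of building "ew" from request parameters: one that lets parameter names flow straight into column positions, and a hardened one that accepts only allow-listed columns while still letting MyBatis-Plus bind the values as "#{}" parameters.

```java
// Added illustration, not code from the SpringBlade project. Assumes MyBatis-Plus 3.x;
// UserExportMapper, UserExportFilter, ALLOWED_COLUMNS and the request maps are made up for this example.
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;

import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Constants;

interface UserExportMapper {
    // Same shape as the mapper method named in the advisory. MyBatis substitutes ${...} as raw text before
    // the statement is prepared, so every character of ew.getCustomSqlSegment() reaches the database unchanged.
    // Only the values passed to eq()/like()/in() are emitted as #{ew.paramNameValuePairs.MPGENVALn}
    // placeholders and bound as parameters; column names and any apply()/last() fragments are not.
    @Select("SELECT id, tenant_id, account, name, real_name, email, phone, birthday, role_id, dept_id, post_id "
          + "FROM blade_user ${ew.customSqlSegment}")
    List<Map<String, Object>> exportUser(@Param(Constants.WRAPPER) Wrapper<?> ew);
}

final class UserExportFilter {
    // Columns a caller is permitted to filter on (assumed list). Anything else is rejected instead of spliced into SQL.
    private static final Set<String> ALLOWED_COLUMNS =
            Set.of("account", "name", "real_name", "email", "phone", "dept_id", "role_id");

    // VULNERABLE: request parameter names become column names. QueryWrapper neither quotes nor validates the
    // column string, so a parameter name that contains SQL syntax rewrites the WHERE clause that ${...} splices in.
    static QueryWrapper<Object> fromRequestUnchecked(Map<String, String> params) {
        QueryWrapper<Object> ew = new QueryWrapper<>();
        params.forEach(ew::eq);
        return ew;
    }

    // HARDENED: the column position is restricted to the fixed allow-list; the value still goes through eq(),
    // which turns it into a bound parameter rather than SQL text.
    static QueryWrapper<Object> fromRequestChecked(Map<String, String> params) {
        QueryWrapper<Object> ew = new QueryWrapper<>();
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (!ALLOWED_COLUMNS.contains(e.getKey())) {
                throw new IllegalArgumentException("unsupported filter column: " + e.getKey());
            }
            ew.eq(e.getKey(), e.getValue());
        }
        return ew;
    }

    public static void main(String[] args) {
        // Constructed requests: a legitimate filter and one whose parameter name carries SQL syntax.
        Map<String, String> honest = new LinkedHashMap<>();
        honest.put("dept_id", "1");
        Map<String, String> hostile = new LinkedHashMap<>();
        hostile.put("dept_id) OR 1=1 -- ", "1");

        // Shows the exact fragment that ${ew.customSqlSegment} would splice into the statement.
        System.out.println(fromRequestUnchecked(honest).getCustomSqlSegment());
        // Here the fragment no longer restricts rows to dept_id = 1: the key reached SQL verbatim.
        System.out.println(fromRequestUnchecked(hostile).getCustomSqlSegment());
        try {
            fromRequestChecked(hostile);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

The point of the contrast is that "${ew.customSqlSegment}" is the documented MyBatis-Plus idiom and is only as safe as the code that fills the Wrapper: values added through eq() and friends are parameterized, but column names, order-by columns and raw apply()/last() text are copied into the statement as-is, so none of them may come from the request without an allow-list check like the one in fromRequestChecked.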