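Java mall, free and open source: CRMEB Mall Java edition. SpringBoot + Maven + Swagger + Mybatis Plus + Redis + Uniapp + Vue + elementUI. Includes the mobile client, mini program, PC admin backend and API interfaces; has modules for products, users, shopping cart, orders, points, coupons, marketing, balance, permissions, roles, system settings, combined data, drag-and-drop forms and more, which greatly reduces the cost of secondary development.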
1.22k stars, 364 forks
There is an SQL injection vulnerability in the crmeb_java system (/api/admin/system/store/order/list) interface. #10
Open
ha1yu opened 1 year ago
There is an SQL injection vulnerability in the crmeb_java system (/api/admin/system/store/order/list) interface.
There is an SQL injection vulnerability in the keywords parameter.
com/zbkj/admin/controller/SystemWriteOffOrderController.java
String concatenation of keywords leads to the SQL injection.
com/zbkj/service/service/impl/StoreOrderServiceImpl.java
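
The string-concatenation flaw reported above, shown next to a bound-parameter search, as an added example that is not code from the crmeb_java repository. It uses Python's sqlite3 in place of the project's Java/MyBatis stack so that it runs offline; the table, columns, sample rows and function names are all assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are assumptions,
    # not the crmeb_java schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE store_order (id INTEGER PRIMARY KEY, order_id TEXT)")
    db.executemany(
        "INSERT INTO store_order (order_id) VALUES (?)",
        [("order1001",), ("order1002",), ("order_2003",)],
    )
    return db


def search_concat(db, keywords):
    # Flawed pattern: the request parameter becomes part of the SQL text,
    # so a quote in `keywords` changes the structure of the WHERE clause.
    sql = ("SELECT order_id FROM store_order WHERE order_id LIKE '%"
           + keywords + "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]


def escape_like(value, esc="\\"):
    # Escape LIKE metacharacters so the keyword is matched literally.
    # The escape character itself must be handled first.
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def search_bound(db, keywords):
    # Corrected pattern: the SQL text is constant and the keyword is
    # passed as a bound value, so it can never be parsed as SQL.
    sql = ("SELECT order_id FROM store_order "
           "WHERE order_id LIKE ? ESCAPE '\\' ORDER BY id")
    pattern = "%" + escape_like(keywords) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "zzz' OR 'a' LIKE '%a"  # constructed input containing a quote
    print("concatenated:", search_concat(db, crafted))
    print("bound:       ", search_bound(db, crafted))
```

With the constructed input, the concatenated query returns every row while the bound query returns none; escaping `%` and `_` additionally keeps a keyword such as `_` from acting as a wildcard.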