Our team recently identified a SQL injection vulnerability in the latest version of the project, which could result in a significant risk of information disclosure.
The vulnerability is located in the method top/tangyh/lamp/base/controller/user/BaseEmployeeController.java#page.
When the SQL statement is built through the top/tangyh/lamp/base/service/user/BaseEmployeeService.findPageResultVO() method, the input params parameter is passed to the model via params.getModel().
Subsequently, the model.getRoleId() method is used to directly concatenate the role ID into the SQL statement: SELECT eor.employee_id FROM base_employee_org_rel eor WHERE eor.employee_id = e.id AND eor.org_id IN model.getRoleId().
This implies that attackers could potentially control the params parameter to execute an SQL injection attack.
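As an added illustration (not code from the project), one way to build the IN subquery quoted above without concatenating request data is to validate the ids as numbers and emit only placeholders. The class and method names and the MAX_IDS limit are hypothetical, and the sketch assumes the ids are numeric and arrive as a comma-separated string.

```java
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added illustration; class and method names are hypothetical, not the project's code.
public class OrgRelFilter {
    private static final int MAX_IDS = 500; // assumed upper bound for one IN list

    // Accept only a comma-separated list of decimal ids; anything else is rejected.
    static List<Long> parseIds(String raw) {
        if (raw == null || raw.isBlank()) {
            throw new IllegalArgumentException("id list is empty");
        }
        List<Long> ids = new ArrayList<>();
        for (String part : raw.split(",")) {
            String t = part.trim();
            if (!t.matches("\\d{1,18}")) { // 18 digits always fit in a long
                throw new IllegalArgumentException("non-numeric id rejected");
            }
            ids.add(Long.parseLong(t));
        }
        if (ids.size() > MAX_IDS) throw new IllegalArgumentException("too many ids");
        return ids;
    }

    // The SQL text depends only on how many ids there are, never on their content.
    static String buildSubquery(int count) {
        return "SELECT eor.employee_id FROM base_employee_org_rel eor "
             + "WHERE eor.employee_id = e.id AND eor.org_id IN ("
             + String.join(", ", Collections.nCopies(count, "?")) + ")";
    }

    // Values travel as bound parameters, starting at the given 1-based index.
    static void bind(PreparedStatement ps, int start, List<Long> ids) throws SQLException {
        for (int i = 0; i < ids.size(); i++) ps.setLong(start + i, ids.get(i));
    }

    public static void main(String[] args) {
        System.out.println(buildSubquery(parseIds("3, 7, 12").size()));
        try {
            parseIds("1 OR 1=1"); // constructed hostile input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same separation applies in a mapper-based data layer: the id list should reach the statement as bound parameters rather than as text spliced into the SQL string.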