Recently, our team has identified a security vulnerability within the latest version of the project that has led to the occurrence of SQL injection issues, which could potentially result in a significant risk of information disclosure
The vulnerability entry is located in src/main/java/top/tangyh/lamp/authority/controller/auth/UserController.java#355.
The developer, when operating the SQL statement through the method src/main/java/top/tangyh/lamp/authority/dao/auth/UserMapper.findPage(), passes the input wrapper parameter to ew (Easy Wrapper or similar), and then directly concatenates it to the SQL statement via ew.customSqlSegment in the form of "FROM c_user s ${ew.customSqlSegment}". This means that an attacker can control the wrapper parameter to achieve an SQL injection attack.
Recently, our team has identified a security vulnerability within the latest version of the project that has led to the occurrence of SQL injection issues, which could potentially result in a significant risk of information disclosure
The vulnerability entry is located in src/main/java/top/tangyh/lamp/authority/controller/auth/UserController.java#355.
The developer, when operating the SQL statement through the method src/main/java/top/tangyh/lamp/authority/dao/auth/UserMapper.findPage(), passes the input wrapper parameter to ew (Easy Wrapper or similar), and then directly concatenates it to the SQL statement via ew.customSqlSegment in the form of "FROM c_user s ${ew.customSqlSegment}". This means that an attacker can control the wrapper parameter to achieve an SQL injection attack.