Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

crmeb_java

There is an SQL injection vulnerability in the crmeb_java system (/api/admin/system/store/order/list) interface.

Issues crmeb/crmeb_java#10

There is an SQL injection vulnerability in the crmeb_java system (/api/admin/system/store/order/list) interface.

crmeb_java系统/api/admin/system/store/order/list接口存在sql注入的问题;

其中keywords参数存在sql注入的问题;

There is a SQL injection vulnerability with the keywords parameter.

image

image

com/zbkj/admin/controller/SystemWriteOffOrderController.java image

keywords字符串拼接导致存在SQL注入;

There is an SQL injection vulnerability due to the string concatenation of the keywords.

com/zbkj/service/service/impl/StoreOrderServiceImpl.java image