Closed
Description
Vulnerability name:SQL injection
Vulnerability level:Medium risk
Affected version:v2021.1000.1081<=v2022.1000.3031
Vulnerability location:
Log in to the background and click the database function module to select the data batch replacement function


Intercept selection data table

Enter payload to attack

Audit the code. There is no restriction on the type and length of the parameter tables, and there is no token verification

This vulnerability can obtain a large amount of data

Metadata
Assignees
Labels
No labels