Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.
Advisories for Maven/Com.github.pagehelper/Pagehelper package
2022