CVE-2022-28111: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
MyBatis PageHelper versions v1.x.x-v3.7.0, v4.0.0-v5.0.0, and v5.1.0-v5.3.0 were discovered to contain a time-based blind SQL injection vulnerability via the orderBy parameter.
References
- github.com/advisories/GHSA-w559-623p-vfg8
- github.com/pagehelper/Mybatis-PageHelper
- github.com/pagehelper/Mybatis-PageHelper.git
- github.com/pagehelper/Mybatis-PageHelper/commit/554a524af2d2b30d09505516adc412468a84d8fa
- github.com/pagehelper/Mybatis-PageHelper/issues/674
- github.com/yangfar/CVE/blob/main/CVE-2022-42227.md
- nvd.nist.gov/vuln/detail/CVE-2022-28111
- pagehelper.github.io/
- www.cnblogs.com/secload/articles/16061420.html