Mybatis-PageHelper is a pagination plug-in. A SQL injection vulnerability exists in Mybatis-PageHelper versions 1.0 through 5.3.0 (both inclusive). It stems from the orderBy parameter, which does not validate externally supplied input before it is used in SQL statements. An attacker could use this vulnerability to execute unauthorized SQL commands and steal sensitive database data.
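
One way to close the gap described above is to build the orderBy value from an allowlist instead of passing client text through. The following is an added example, not code from Mybatis-PageHelper or from this advisory; the class name `SafeOrderBy`, the column mapping and the term limit are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class SafeOrderBy {
    // Hypothetical mapping: client-facing sort key -> real column name.
    private static final Map<String, String> COLUMNS = Map.of(
            "id", "id",
            "name", "user_name",
            "created", "created_at");
    private static final int MAX_TERMS = 3; // assumed limit on sort terms

    /** Turns "name desc, created" into "user_name DESC, created_at ASC"; rejects anything else. */
    public static String build(String requested) {
        if (requested == null || requested.isBlank()) {
            return "id ASC"; // fixed default, never derived from input
        }
        String[] terms = requested.split(",", -1); // -1 keeps empty terms so "id,," is rejected
        if (terms.length > MAX_TERMS) {
            throw new IllegalArgumentException("too many sort terms");
        }
        List<String> clauses = new ArrayList<>();
        for (String term : terms) {
            String[] parts = term.trim().split("\\s+");
            String column = COLUMNS.get(parts[0].toLowerCase(Locale.ROOT));
            String dir = parts.length == 2 ? parts[1].toUpperCase(Locale.ROOT) : "ASC";
            boolean dirOk = dir.equals("ASC") || dir.equals("DESC");
            if (parts.length > 2 || column == null || !dirOk) {
                throw new IllegalArgumentException("unsupported sort term");
            }
            clauses.add(column + " " + dir); // only allowlisted text reaches the SQL
        }
        return String.join(", ", clauses);
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal request, an empty one, and one carrying SQL syntax.
        String[] samples = {"name desc, created", "", "id, (select 1)"};
        for (String s : samples) {
            try {
                System.out.println("[" + s + "] -> " + build(s));
            } catch (IllegalArgumentException e) {
                System.out.println("[" + s + "] rejected: " + e.getMessage());
            }
        }
    }
}
```

The returned string is what the application would hand to the plug-in's orderBy parameter in place of the raw request value.
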
CPE | Name | Operator | Version |
---|---|---|---|
Mybatis-PageHelper | Mybatis-PageHelper >=1.0 | le | 5.3.0 |