CVE-2024-35548

2024-05-2821:16:31

[email protected]

web.nvd.nist.gov

nvd

cve-2024-35548

sql injection

mybatis plus

remote attackers

database information

boolean blind injection

misconfigured application

application development

7.4 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor’s position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.

References

baomidou.com/reference/about-cve/

github.com/baomidou/mybatis-plus/issues/6167