5 matches found
OESA-2023-1998 mybatis security update
The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using an XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object...
MyBatis-Plus vulnerable to SQL injection via TenantPlugin
MyBatis-Plus below 3.5.3.1 is vulnerable to SQL injection via the tenant ID value. This may allow remote attackers to execute arbitrary SQL commands...
PT-2023-20027 · Unknown · Mybatis Plus
Name of the Vulnerable Software and Affected Versions: Mybatis plus versions prior to 3.5.3.1 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the tenant ID value. This can occur in misconfigured applications. The documentation provides guidance on...
Kirby CMS 3.5.3.1 - (file) Cross-Site Scripting Vulnerability
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1 REQUIRED CVE: CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host: User-Agent:...
Verodin Information Disclosure Vulnerability
Verodin is a suite of network security inspection platforms from Verodin, Inc. in the United States. The platform is primarily used to test the effectiveness of security protections for networks, endpoints, email, and cloud controls. Director is Verodin's console program. An information disclosure...