2 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the DictTypeDao.go file when processing the orderByColumn and isAsc arguments. An attacker can execute arbitrary SQL commands by supplying crafted input to these parameters. Remediation...
ruoyi-go 安全漏洞
ruoyi-go is a backend management system for individual developers at lostvip.com. A security vulnerability exists in ruoyi-go 2.1 and earlier versions, which originates from the improper handling of the orderByColumn/isAsc parameter in the SelectListByPage function in the file...