Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:40326
HistoryApr 28, 2023 - 4:07 a.m.

SQL Injection

2023-04-2804:07:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
sql injection
mybatis-plus-extension
tenantlineinnerinterceptor
arbitrary sql queries
software

0.001 Low

EPSS

Percentile

48.9%

com.baomidou:mybatis-plus-extension is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the tenant ID parameter in TenantLineInnerInterceptor.java allows a malicious user to inject and execute arbitrary SQL queries on the target system.

CPENameOperatorVersion
mybatis-plusle3.5.3
mybatis-plusle3.5.3

0.001 Low

EPSS

Percentile

48.9%