com.baomidou:mybatis-plus-extension is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the tenant ID parameter in TenantLineInnerInterceptor.java
allows a malicious user to inject and execute arbitrary SQL queries on the target system.
CPE | Name | Operator | Version |
---|---|---|---|
mybatis-plus | le | 3.5.3 | |
mybatis-plus | le | 3.5.3 |