
SQL Injection Vulnerability

Open Tyaoo opened this issue 2 years ago • 1 comments

[Suggested description] Tbed was discovered to contain a SQL injection vulnerability via the searchname parameter.

[Vulnerability Type] SQLi

[Vendor of Product] https://github.com/Hello-hao/Tbed

[Affected Product Code Base] v20240111

[Affected Component]

/admin/selectPhoto

[Attack Type] Remote

[Vulnerability details]

[Impact Code execution] true

[Cause of vulnerability] The searchname parameter was used in ${} format, which can cause a SQL injection vulnerability.

That's all, thanks.

Tyaoo, Jan 18 '24 10:01

Thank you for raising this vulnerability. I will make improvements in the next version.

Hello-hao, Jan 22 '24 01:01