Impact
Gin-vue-admin <= v2.6.5 has SQL injection vulnerability。
SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing to properly enforce restrictions on user input could mean that even a basic form input field can be used to inject arbitrary and potentially dangerous SQL commands. This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server.
Patches
53d0338
For more information
Affect Api: /api/sysExportTemplate/exportExcel
Affect Param: order
Affect File: server/service/system/sys_export_template.go
Affect Function: SysExportTemplateService.ExportExcel
func (sysExportTemplateService *SysExportTemplateService) ExportExcel(templateID string, values url.Values) (file *bytes.Buffer, name string, err error) {
// ...
// input param `order`
order := values.Get("order")
if order != "" {
db = db.Order(order)
}
// ...
}PoC:
Impact
Gin-vue-admin <= v2.6.5 has SQL injection vulnerability。
SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing to properly enforce restrictions on user input could mean that even a basic form input field can be used to inject arbitrary and potentially dangerous SQL commands. This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server.
Patches
53d0338
For more information
Affect Api:
/api/sysExportTemplate/exportExcelAffect Param:
orderAffect File:
server/service/system/sys_export_template.goAffect Function:
SysExportTemplateService.ExportExcelPoC: