CNNVD-202512-132 Information
CNNVD ID
CNNVD-202512-132
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
WebStack-Guns是Dana Keeling个人开发者的一个开源的网址导航网站项目,后台基于Guns和Springboot。 WebStack-Guns 1.0版本存在SQL注入漏洞,该漏洞源于对文件src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java中参数sort的错误操作,可能导致SQL注入攻击。
Description (English)
WebStack-Guns is an open-source web-based navigation project for Dana Keeling’s personal developer, based on Guns and Springboot. Version 1.0 of WebStack-Guns has an injection loophole in SQL, which is the result of an error in the sort of the parameters in document src/main/java/com/jsnjfz/manage/core/common/contant/factory/PageFactory.java, which could lead to an attack on SQL injection.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
个人开发者
Published
2025-12-01
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.333821 https://github.com/Xzzz111/exps/blob/main/archives/WebStack-Guns-SQLInjection-1/report.md https://vuldb.com/?submit.692084 https://github.com/Xzzz111/exps/blob/main/archives/WebStack-Guns-SQLInjection-1/report.md#proof-of-concept https://vuldb.com/?id.333821
Share on: