CVE-2021-38239 Information

Description

SQL Injection vulnerability in dataease before 1.2.0 allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.

Reference

https://github.com/dataease/dataease/issues/510