Time-blind SQL Injection Vulnerability in MyBatis PageHelper

Time-blind SQL Injection Vulnerability in MyBatis PageHelper

CVE-2022-28111 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.