Mybatis Plus SQL Injection Vulnerability in Versions Below 3.5.3.1

Mybatis Plus SQL Injection Vulnerability in Versions Below 3.5.3.1

CVE-2023-25330 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.