Description
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
Remediation
References
https://blog.jiguang.xyz/posts/thinkjs-sql-injection/
https://github.com/thinkjs/thinkjs
Related Vulnerabilities
CVE-2023-45134 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-21141 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-25827 Vulnerability in maven package net.opentsdb:opentsdb
CVE-2021-21162 Vulnerability in npm package electron
CVE-2023-25572 Vulnerability in maven package org.webjars.npm:react-admin