fuyang_lipengjun

4 exploits Active since Jan 2024
CVE-2022-4961 GITEE MEDIUM java
Weitong Mall 1.0.0 - SQL Injection via OrderDao.xml sidx/order Parameter
A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243.
27,648 stars
CVSS 5.5
CVE-2025-7936 GITEE MEDIUM java
fuyang_lipengjun platform - SQL Injection via ScheduleJobLogController queryPage
A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is the function queryPage of the file com/platform/controller/ScheduleJobLogController.java. The manipulation of the argument beanName/methodName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
27,648 stars
CVSS 6.3
CVE-2025-7935 GITEE MEDIUM java
fuyang_lipengjun platform < 2025-06-29 - SQL Injection via SysLogController Key Argument
A vulnerability, which was classified as critical, was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLogController of the file platform-admin/src/main/java/com/platform/controller/SysLogController.java. The manipulation of the argument key leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
27,648 stars
CVSS 6.3
CVE-2025-7934 GITEE MEDIUM java
fuyang_lipengjun platform - SQL Injection via ScheduleJobController beanName Parameter
A vulnerability, which was classified as critical, has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the function queryPage of the file platform-schedule/src/main/java/com/platform/controller/ScheduleJobController.java. The manipulation of the argument beanName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
27,648 stars
CVSS 6.3