CVE-2022-28111

CRITICAL

MyBatis PageHelper 1.0-3.7.0, 4.0.0-5.0.0, 5.1.0-5.3.0 - Time-Blind SQL Injection via orderBy Parameter

Title source: llm
STIX 2.1

Description

MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.

Scores

CVSS v3 9.8
EPSS 0.0166
EPSS Percentile 73.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
com.github.pagehelper/pagehelper 3.5.0 - 5.3.1Maven
pagehelper_project/pagehelper 1.0 - 3.7.0
Published May 04, 2022
Tracked Since Feb 18, 2026