Description
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
References (2)
Core 2
Core References
Various Sources
https://baomidou.com/reference/about-cve/
Issue Tracking
https://github.com/baomidou/mybatis-plus/issues/6167
Scores
CVSS v3
5.4
EPSS
0.0037
EPSS Percentile
29.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Published
May 28, 2024
Tracked Since
Feb 18, 2026