Open
Description
Recently, our team found a security vulnerability in the latest version of the project. It introduces a risk of SQL injection and could lead to severe information leakage. The vulnerability lies in the method src/main/java/com/paascloud/provider/web/mall/MallAuthRestController.java#queryProductList.
When building the SQL statement in the src/main/java/com/paascloud/provider/service/MdcProductService.java.selectByNameAndCategoryIds() method, the developers directly concatenated the input "orderBy" parameter into the SQL statement "SELECT * from pc_mdc_product where order by ${orderBy}" using the "${orderBy}" syntax.
This means that an attacker who controls the "orderBy" parameter can execute SQL injection attacks.