Mia0A-Hio

**Name of the Vulnerable Software and Affected Versions** dataease versions prior to 1.2.0 **Description** The issue allows attackers to gain sensitive information via the `orders` parameter to the "/api/sys msg/list/1/10" API endpoint. This is a SQL Injection vulnerability. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/api/sys msg/list/1/10" API endpoint to minimize the risk of exploitation. Avoid using the `orders` parameter in the affected API endpoint until the issue is resolved.