88250

**Name of the Vulnerable Software and Affected Versions** Siyuan version 3.1.11 **Description** A SQL injection issue has been identified in the `notebook` parameter through the "/searchHistory" API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For Siyuan version 3.1.11, consider disabling the `notebook` parameter in the "/searchHistory" API endpoint as a temporary workaround until a patch is available. Avoid using the `notebook` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Siyuan version 3.1.11 **Description** A SQL injection issue has been identified. It occurs through the `id` parameter at the "/getAssetContent" API endpoint. **Recommendations** For Siyuan version 3.1.11, as a temporary workaround, consider restricting access to the "/getAssetContent" API endpoint or sanitizing the `id` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Siyuan version 3.1.11 **Description** A SQL injection issue has been identified in Siyuan via the `ids` array parameter in the "/batchGetBlockAttrs" API endpoint. This allows for potential exploitation. **Recommendations** For Siyuan version 3.1.11, as a temporary workaround, consider restricting access to the `/batchGetBlockAttrs` API endpoint or sanitizing the `ids` array parameter to prevent SQL injection attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Siyuan version 3.1.11 **Description** A SQL injection issue was found in the `/getHistoryItems` endpoint. This allows for potential exploitation through SQL injection attacks. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For Siyuan version 3.1.11, consider restricting access to the `/getHistoryItems` endpoint until a patch is available. As a temporary workaround, avoid using parameters that could lead to SQL injection in this endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.