
Cangkuai

#21988 of 53,633
10.7 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2024-26534
5.4
2024-05-28
Unknown · Mybatis Plus · CVE-2024-35548
**Name of the Vulnerable Software and Affected Versions** Mybatis plus versions prior to 3.5.6

**Description** A SQL injection issue allows remote attackers to obtain database information via a Boolean blind injection. The vendor notes that this can only occur in a misconfigured application, and the documentation provides guidance on developing applications that avoid SQL injection.

**Recommendations** For Mybatis plus versions prior to 3.5.6, update to version 3.5.6 or later to resolve the issue. As a temporary workaround, consider reviewing and correcting the application configuration to prevent SQL injection, following the vendor's documentation guidelines.
PT-2023-29488
5.3
2023-12-08
Git · Base64Captcha · CVE-2023-45292
**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions.

**Description** The issue concerns the default implementation of a Verify function used to check a Captcha. Verification can be bypassed under certain conditions. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.