Newsbee · Newbee-Mall · CVE-2019-19113
**Name of the Vulnerable Software and Affected Versions**
newbee-mall (aka New Bee) versions prior to 2019-10-23
**Description**
The issue allows SQL injection through the `search?goodsCategoryId=&keyword=` endpoint. The flaw is located in the `NewBeeMallGoodsMapper.xml` file.
**Recommendations**
Installations running a version prior to 2019-10-23 should update to a version released after 2019-10-23 to resolve the issue. As a temporary workaround, consider restricting access to the `search?goodsCategoryId=&keyword=` endpoint until a patch is available. Avoid using the `goodsCategoryId` and `keyword` parameters of the affected endpoint until the issue is resolved.
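
The advisory does not show the vulnerable mapper line. The audit script below is an added example, not newbee-mall's code: it assumes `NewBeeMallGoodsMapper.xml` is a MyBatis mapper and flags `${...}` text substitution, the usual way a mapper statement becomes injectable, while leaving `#{...}` bound parameters alone. The sample mapper and its table, column and statement names are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mapper: table, column and statement names are hypothetical.
SAMPLE_MAPPER = """<mapper namespace="example.GoodsMapper">
  <select id="searchUnsafe" resultType="map">
    select goods_id, goods_name from goods
    <where>
      <if test="keyword != null">
        and goods_name like '%${keyword}%'
      </if>
      <if test="goodsCategoryId != null">
        and goods_category_id = #{goodsCategoryId}
      </if>
    </where>
  </select>
  <select id="searchBound" resultType="map">
    select goods_id, goods_name from goods
    where goods_name like CONCAT('%', #{keyword}, '%')
  </select>
</mapper>
"""

STATEMENT_TAGS = {"select", "insert", "update", "delete", "sql"}
# ${name} is pasted into the SQL text; #{name} becomes a JDBC bind parameter.
RAW_SUBSTITUTION = re.compile(r"\$\{\s*([^}]+?)\s*\}")


def find_raw_substitutions(mapper_xml):
    """Return sorted (statement id, expression) pairs for each ${...} in a mapper."""
    root = ET.fromstring(mapper_xml)
    findings = set()
    for statement in root:
        if statement.tag not in STATEMENT_TAGS:
            continue
        # itertext() also walks nested dynamic tags such as <if> and <where>.
        sql_text = " ".join(statement.itertext())
        for match in RAW_SUBSTITUTION.finditer(sql_text):
            findings.add((statement.get("id", "?"), match.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for statement_id, expression in find_raw_substitutions(SAMPLE_MAPPER):
        print(f"{statement_id}: ${{{expression}}} is concatenated into the SQL text")
```

A hit is a line to review rather than a confirmed flaw: values that cannot be bound, such as a sort column, still need `${...}` and should be checked against an allow-list in the calling code.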