Paderlolo

**Name of the Vulnerable Software and Affected Versions** MyBatis plus version 3.4.3 **Description** The issue concerns a SQL injection vulnerability via the `Column` parameter in the `/core/conditions/AbstractWrapper.java` file. It is noted that the vendor considers the reported execution of a SQL statement as intended behavior. **Recommendations** For MyBatis plus version 3.4.3, consider restricting the use of the `Column` parameter in the `AbstractWrapper.java` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `Column` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.