Xiaolai096

**Name of the Vulnerable Software and Affected Versions** Jepaas version 7.2.8 **Description** A SQL injection vulnerability was discovered in Jepaas via the `orderSQL` parameter at the "/homePortal/loadUserMsg" API endpoint. This issue allows for potential SQL injection attacks. **Recommendations** For Jepaas version 7.2.8, consider disabling the `orderSQL` parameter in the "/homePortal/loadUserMsg" API endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.