CVE-2022-28111

Name of the Vulnerable Software and Affected Versions MyBatis PageHelper versions 1.x.x through 5.3.x

Description A time-blind SQL injection vulnerability was discovered in MyBatis PageHelper via the orderBy parameter. This issue allows for potential SQL injection attacks.

Recommendations For MyBatis PageHelper versions 1.x.x through 5.3.x, consider restricting access to the orderBy parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the orderBy parameter in sensitive queries. At the moment, there is no information about a newer version that contains a fix for this vulnerability.