PT-2024-26534 · Unknown · Mybatis Plus

Cangkuai · Published 2024-05-28 · Updated 2024-11-07 · CVE-2024-35548

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Mybatis Plus versions prior to 3.5.6

Description: A SQL injection issue allows remote attackers to obtain database information via a Boolean blind injection. The vendor notes that this can only occur in a misconfigured application, and the documentation provides guidance on developing applications that avoid SQL injection.

Recommendations: Update Mybatis Plus to version 3.5.6 or later to resolve the issue. As a temporary workaround, consider reviewing and correcting the application configuration to prevent SQL injection, following the vendor's documentation guidelines.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-35548

Affected Products: Mybatis Plus