PT-2024-5053 · Unknown · Gin-Vue-Admin

Pixelmaxqm · Published 2024-06-17 · Updated 2024-06-28 · CVE-2024-37896

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Gin-vue-admin versions 2.6.5 and earlier
Description: The application does not protect the structure of its SQL queries, allowing a remote attacker to execute arbitrary SQL queries. This occurs when the web application fails to sufficiently validate or sanitize user input, potentially leading to unauthorized database access, data leakage, data manipulation, or complete compromise of the database server.
Recommendations: For Gin-vue-admin versions 2.6.5 and earlier, upgrade to version 2.6.6 or later to address the SQL injection vulnerability. As a temporary workaround, consider applying stricter validation of user input to minimize the risk of exploitation.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

BDU:2024-05580
CVE-2024-37896
GHSA-GF3R-H744-MQGP
GO-2024-2928

Affected Products

Gin-Vue-Admin