JFinalCMS
cpe:2.3:a:jfinalcms_project:jfinalcms:*:*:*:*:*:*:*
- 1.0
A SQL injection vulnerability has been identified in JFinalCMS version 1.0, specifically within the Content entity file. The issue arises because the 'title' parameter is directly concatenated into the SQL filter without proper sanitization. This flaw allows for the manipulation of SQL queries, potentially leading to unauthorized data access or modification. The vulnerability is exploitable only when the 'categoryId' parameter is null.
Exploitation of this vulnerability allows for time-based or content-based blind SQL injection, where an attacker can manipulate SQL queries to extract or interfere with database information.
To reproduce this vulnerability, send a request to the 'findPage' method of the Content entity with the 'categoryId' parameter set to null and a crafted 'title' parameter, for example a time-based payload. The injection succeeds only when 'categoryId' is null, because that is the code path in which the injected SQL reaches the database.
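The pattern the advisory describes, a filter that binds its values on one code path but concatenates the 'title' value on the path taken when 'categoryId' is null, is reconstructed below as an added Python example. It is not JFinalCMS code (the project is written in Java) and uses a constructed in-memory SQLite table rather than the project's schema; the function names `find_page_vulnerable` and `find_page_safe` are hypothetical. The point is defensive: a perfectly ordinary title containing an apostrophe is enough to break the concatenated query, which is both the symptom a tester notices and the reason the fix is to bind every user-supplied value as a parameter on every code path.

```python
import sqlite3

# Constructed sample data for the demonstration; not rows from any real deployment.
SAMPLE_ROWS = [
    (1, "Hello world", 10),
    (2, "O'Reilly review", None),  # a legitimate title containing a quote
    (3, "Hello again", 20),
]


def open_sample_db():
    """Create a fresh in-memory table resembling a minimal content entity."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, category_id INTEGER)"
    )
    conn.executemany("INSERT INTO content VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_page_vulnerable(conn, title, category_id):
    """Mirrors the flawed shape: values are bound only when category_id is given.

    When category_id is None the title is concatenated into the WHERE clause,
    so the title text becomes part of the SQL grammar instead of a bound value.
    """
    if category_id is not None:
        # This branch binds its values and is not affected.
        return conn.execute(
            "SELECT id, title FROM content WHERE category_id = ? AND title LIKE ? ORDER BY id",
            (int(category_id), "%" + (title or "") + "%"),
        ).fetchall()
    # category_id is None: user text spliced straight into the filter.
    sql = "SELECT id, title FROM content WHERE title LIKE '%" + (title or "") + "%' ORDER BY id"
    return conn.execute(sql).fetchall()


def find_page_safe(conn, title, category_id):
    """Hardened form: the SQL text is built only from fixed fragments and every
    user-supplied value travels as a bound parameter, whether or not
    category_id is present."""
    sql = "SELECT id, title FROM content WHERE 1 = 1"
    params = []
    if category_id is not None:
        sql += " AND category_id = ?"
        params.append(int(category_id))
    if title:
        sql += " AND title LIKE ?"
        params.append("%" + title + "%")
    sql += " ORDER BY id"
    return conn.execute(sql, params).fetchall()


def run_both(title, category_id):
    """Run the same lookup through both implementations on a fresh sample DB.

    Returns (vulnerable_result, safe_result); the vulnerable result is the
    string "OperationalError" when the concatenated query fails to parse.
    """
    conn = open_sample_db()
    try:
        vulnerable = find_page_vulnerable(conn, title, category_id)
    except sqlite3.OperationalError:
        vulnerable = "OperationalError"
    safe = find_page_safe(conn, title, category_id)
    conn.close()
    return vulnerable, safe


if __name__ == "__main__":
    # With a category the two agree; without one, the apostrophe breaks the
    # concatenated query while the parameterised query finds the row.
    print(run_both("Hello", 10))
    print(run_both("O'Reilly", None))
```

The failure on the apostrophe is the cheap, non-destructive check to run when reviewing any search or paging endpoint: if a single quote in an input changes the query's syntax rather than its data, the value is being concatenated. The fix in `find_page_safe` keeps the conditional filter construction (which is legitimate) but moves every value into the parameter list, so the null-`categoryId` path is no longer special.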