201206030 Novel-Cloud SQL Injection Vulnerability in BookInfoMapper.xml
Vulnerability
A critical SQL injection vulnerability has been identified in version 1.4.0 of 201206030 Novel-Cloud. The issue arises in the 'RestResp' function within the 'BookInfoMapper.xml' file, located in the novel-book-service module. This vulnerability allows remote attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
The vulnerability can be reproduced by sending a crafted request that exploits the SQL injection flaw in the 'RestResp' function of the 'BookInfoMapper.xml' file. This can be done by targeting the application with input that is not properly sanitized, allowing for SQL commands to be injected and executed in the database context.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.