Critical severity 9.8 · NVD Advisory · Published Apr 5, 2023 · Updated Jun 17, 2026
CVE-2023-25330
Description
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID value. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.baomidou:mybatis-plus (Maven) | < 3.5.3.1 | 3.5.3.1 |
Affected products
- Mybatis/Mybatis plus (description)
References
- github.com/FCncdn/MybatisPlusTenantPluginSQLInjection-POC/blob/master/Readme.en.md (nvd: Exploit, Third Party Advisory; WEB)
- github.com/advisories/GHSA-32qq-m9fh-f74w (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-25330 (ghsa: ADVISORY)
- baomidou.com/reference/about-cve (ghsa: WEB)
- baomidou.com/reference/about-cve/ (nvd)