The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/casdoor/casdoor(Go) | 0 | 1.13.1 | N/A |
CVSS Metrics
