# SQL Injection in tag_model.updateTagName() via unsanitized parameters

## Vulnerability Overview

**Vulnerability name:** SQL Injection in tag_model.updateTagName() via unsanitized parameters

**Severity:** Critical (8.3 / 10)

**Description:** A SQL injection vulnerability exists in the `tag_model.updateTagName()` function (line 168). The function concatenates user input directly into the SQL query string without using parameterized queries or proper escaping (e.g., ), making it susceptible to SQL injection attacks.

**Impact:**

- CVSS 8.3 (High)
- CWE-89 (SQL Injection)
- Full database read/write access for an authenticated administrator.
- Potential privilege escalation and data exfiltration.

## Affected Scope

**Affected package:** (Composer)

**Affected versions:**

**Fixed version:** None at the time of the report, although a fix is suggested.

**Vulnerable file:** (lines 168-170)

## Remediation

**Suggested fix:** Use parameterized queries or a proper escaping function (e.g., ). The suggested fix uses for string inputs and for integer inputs.

**Fix code example:**

## PoC Code and Exploitation Steps

**Steps:**

1. Authenticate as an administrator.
2. Navigate to the tag management page.
3. Edit a tag and inject the SQL payload in the tag name field.
4. Example payload:
5. Execute and observe the SQL execution result.

**Vulnerable code snippet (Vulnerable Code):**
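The following is an added illustration, not code from the report or from the affected package: a Python/sqlite3 stand-in for the PHP `updateTagName()` function, with the concatenating version beside the parameterized fix. The `tags` table, the function names and the sample names are constructed for this example; the real package's schema and escaping helper are assumptions.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's tags table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute("INSERT INTO tags (id, name) VALUES (1, 'news'), (2, 'sports')")
    conn.commit()
    return conn


def update_tag_name_vulnerable(conn, tag_id, new_name):
    """Mirrors the reported defect: the tag name is concatenated into the
    query text, so the database parses the name as SQL rather than as data."""
    sql = "UPDATE tags SET name = '" + new_name + "' WHERE id = " + str(tag_id)
    conn.execute(sql)
    conn.commit()


def update_tag_name_fixed(conn, tag_id, new_name):
    """Hardened version: the name travels as a bound parameter (never parsed
    as SQL) and the id is cast to int, the integer-input part of the fix."""
    conn.execute("UPDATE tags SET name = ? WHERE id = ?", (new_name, int(tag_id)))
    conn.commit()


def tag_name(conn, tag_id):
    row = conn.execute("SELECT name FROM tags WHERE id = ?", (int(tag_id),)).fetchone()
    return row[0] if row else None


def demo(name):
    """Apply the same tag name through both functions; returns
    (vulnerable_outcome, fixed_outcome). A legitimate name containing an
    apostrophe already breaks the concatenated query, which is the tell-tale
    sign that user data is reaching the SQL parser."""
    conn = make_db()
    try:
        update_tag_name_vulnerable(conn, 1, name)
        vulnerable = tag_name(conn, 1)
    except sqlite3.Error as exc:
        vulnerable = f"error: {exc}"
    conn_fixed = make_db()
    update_tag_name_fixed(conn_fixed, 1, name)
    return vulnerable, tag_name(conn_fixed, 1)
```

Run `demo("O'Brien")`: the concatenating version raises a syntax error while the parameterized version stores the name verbatim.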