Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qNzJmLTRoZ3AtM213Y84AAyKu
jeecg-boot SQL Injection vulnerability
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
Permalink: https://github.com/advisories/GHSA-j72f-4hgp-3mwcJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNzJmLTRoZ3AtM213Y84AAyKu
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-j72f-4hgp-3mwc, CVE-2023-1454
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1454
- https://github.com/J0hnWalker/jeecg-boot-sqli
- https://vuldb.com/?ctiid.223299
- https://vuldb.com/?id.223299
- https://github.com/advisories/GHSA-j72f-4hgp-3mwc
Blast Radius: 20.1
Affected Packages
maven:org.jeecgframework.boot:jeecg-boot-common
Dependent packages: 4Dependent repositories: 112
Downloads:
Affected Version Ranges: <= 3.5.0
No known fixed version
All affected versions: 3.4.0, 3.4.2, 3.4.3, 3.4.4, 3.5.0