Description
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
Remediation
References
https://github.com/J0hnWalker/jeecg-boot-sqli
https://vuldb.com/?ctiid.223299
https://vuldb.com/?id.223299
Related Vulnerabilities
CVE-2018-3754 Vulnerability in npm package query-mysql
CVE-2021-29620 Vulnerability in maven package com.epam.reportportal:service-api
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-vertx-http
CVE-2020-36187 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2021-40690 Vulnerability in maven package org.apache.santuario:xmlsec