Description

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

Remediation

References

https://github.com/J0hnWalker/jeecg-boot-sqli

https://vuldb.com/?ctiid.223299

https://vuldb.com/?id.223299

Related Vulnerabilities

CVE-2023-30547 Vulnerability in npm package vm2

CVE-2011-4905 Vulnerability in maven package activemq:activemq-core

CVE-2022-24723 Vulnerability in npm package urijs

CVE-2020-13973 Vulnerability in maven package com.mikesamuel:json-sanitizer

CVE-2020-7679 Vulnerability in npm package casperjs

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Permissions Required VDB Entry NVD-CWE-noinfo