Description
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
Remediation
References
https://vuldb.com/?ctiid.223299
https://vuldb.com/?id.223299
https://github.com/J0hnWalker/jeecg-boot-sqli
Related Vulnerabilities
CVE-2020-11022 Vulnerability in maven package org.webjars:jquery
CVE-2021-43807 Vulnerability in maven package org.opencastproject:opencast-common
CVE-2019-17579 Vulnerability in maven package org.sonarsource.sonarqube:sonar-web
CVE-2021-25949 Vulnerability in npm package set-getter
CVE-2020-9483 Vulnerability in maven package org.apache.skywalking:oap-server