WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-1454 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common

Description

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

Remediation

References

https://vuldb.com/?ctiid.223299

https://vuldb.com/?id.223299

https://github.com/J0hnWalker/jeecg-boot-sqli

Related Vulnerabilities

CVE-2016-10562 Vulnerability in npm package iedriver

CVE-2021-28657 Vulnerability in maven package org.apache.tika:tika-parsers

CVE-2020-27219 Vulnerability in maven package org.eclipse.hawkbit:hawkbit-update-server

CVE-2020-2170 Vulnerability in maven package org.jenkins-ci.plugins:rapiddeploy-jenkins

CVE-2023-34212 Vulnerability in maven package org.apache.nifi:nifi-jms-processors

Severity

Critical

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Permissions Required Third Party Advisory VDB Entry Exploit