Description

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

Remediation

References

https://github.com/J0hnWalker/jeecg-boot-sqli

https://vuldb.com/?ctiid.223299

https://vuldb.com/?id.223299

Related Vulnerabilities

CVE-2018-3754 Vulnerability in npm package query-mysql

CVE-2021-29620 Vulnerability in maven package com.epam.reportportal:service-api

CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-vertx-http

CVE-2020-36187 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2021-40690 Vulnerability in maven package org.apache.santuario:xmlsec

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Permissions Required VDB Entry NVD-CWE-noinfo