← back
CVE-2023-1454

jeecg-boot qurestSql sql injection

CVSS 6.3 MEDIUMEPSS 35.8%CWE-89
Vexday Risk Score
40Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.3EPSS 35.8%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
17 Mar 2023Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
n/a · jeecg-boot

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/J0hnWalker/jeecg-boot-sqlihttps://vuldb.com/?ctiid.223299https://vuldb.com/?id.223299