← volver
CVE-2023-1454

jeecg-boot qurestSql sql injection

CVSS 6.3 MEDIUMEPSS 35.8%CWE-89
Vexday Risk Score
40Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 6.3EPSS 35.8%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
17 mar 2023Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Productos afectados
n/a · jeecg-boot

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/J0hnWalker/jeecg-boot-sqlihttps://vuldb.com/?ctiid.223299https://vuldb.com/?id.223299