← voltar
CVE-2023-1454

jeecg-boot qurestSql sql injection

CVSS 6.3 MEDIUMEPSS 35.8%CWE-89
Vexday Risk Score
40Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 6.3EPSS 35.8%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
17 mar 2023Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Produtos afetados
n/a · jeecg-boot

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/J0hnWalker/jeecg-boot-sqlihttps://vuldb.com/?ctiid.223299https://vuldb.com/?id.223299