Jeecg-Boot is a low-code platform based on a code generator. A SQL injection vulnerability exists in Jeecg-Boot v3.5.3 and earlier versions, which stems from a lack of validation of externally entered SQL statements in the component /jeecg-boot/jmreport/show. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
jeecg jeecg_boot | le | 3.5.3 |