Lucene search
China National Vulnerability DatabaseCNVD-2023-70070HistorySep 12, 2023 - 12:00 a.m.
Jeecg-Boot SQL Injection Vulnerability (CNVD-2023-70070)
2023-09-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
jeecg-boot
sql injection
vulnerability
validation
sql commands
database
cnvd-2023-70070
0.001 Low
EPSS
Percentile
33.0%
Jeecg-Boot is a low-code platform based on a code generator. A SQL injection vulnerability exists in Jeecg-Boot v3.5.3 and earlier versions, which stems from a lack of validation of externally entered SQL statements in the component /jeecg-boot/jmreport/show. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jeecg jeecg_boot | le | 3.5.3 |
Related
cvelist
cvelist
CVE-2023-42268
2023-09-08 00:00:00
prion
prion
Sql injection
2023-09-08 19:15:00
osv
osv
CVE-2023-42268
2023-09-08 19:15:44
Jeecg boot SQL Injection vulnerability
2023-09-08 21:30:35
github
github
Jeecg boot SQL Injection vulnerability
2023-09-08 21:30:35
nvd
nvd
CVE-2023-42268
2023-09-08 19:15:44
cve
cve
CVE-2023-42268
2023-09-08 19:15:44