6 matches found
Exploit for SQL Injection in Jeecg Jeecg-Boot
CVE-2023-1454 Jeecg-Boot-qurestSql-SQLvuln jmreport/qurestSq...
Exploit for SQL Injection in Jeecg Jeecg-Boot
CVE-2023-1454 jmreport/qurestSql – Unauthorized SQL inject...
CVE-2023-1454
creationtimestamp| type| source ---|---|--- 2023-03-17 11:36:42+00:00| seen| https://t.me/cibsecurity/60236 2023-03-24 03:10:54+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4024 2023-04-13 07:21:20+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4168 2023-04-13...
org.jeecgframework.boot:jeecg-boot-starter-cloud (>=3.4.0 <=3.5.0), org.jeecgframework.boot:jeecg-boot-starter-lock (>=3.4.0 <=3.5.0) +1 more potentially affected by CVE-2023-1454 via org.jeecgframework.boot:jeecg-boot-common (>=3.4.0 <=3.5.0)
org.jeecgframework.boot:jeecg-boot-common MAVEN version =3.4.0, =3.4.0, =3.4.0, =3.4.0, =3.5.0 Source cves: CVE-2023-1454 Source advisory: OSV:GHSA-J72F-4HGP-3MWC...
CVE-2023-1454 jeecg-boot qurestSql sql injection
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
CVE-2023-1454
Jeecg-boot 3.5.0 is affected by CVE-2023-1454 due to an SQL injection in jmreport/qurestSql via the apiSelectId parameter. Exploitation is possible remotely and public exploits exist (e.g., via PoCs in the provided repositories). Remediation in the connected documents urges upgrading Jeecg-boot t...