3 matches found
JeecgBoot v3.7.1 - SQL Injection
The JeecgBoot application is vulnerable to SQL Injection via the getTotalData endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands. id: CVE-2024-48307 info: name: JeecgBoot v3.7.1 - SQL Injection author: lbb,s4e-io...
CVE-2024-48307
creationtimestamp| type| source ---|---|--- 2024-10-31 02:44:13+00:00| seen| https://t.me/cvedetector/9482 2024-12-09 19:07:44+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-48307.yaml 2025-01-23 00:00:00+00:00| seen| The Shadowserver...
CVE-2024-48307
JeecgBoot v3.7.1 is affected by a SQL Injection vulnerability in the getTotalData endpoint (/onlDragDatasetHead/getTotalData). The CVE-2024-48307 entry, with CWE-89 and CVSS v3.1 score 9.8 (CRITICAL), indicates unauthenticated attackers could inject SQL to exfiltrate data. Related connected docum...