SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through the /onlDragDatasetHead/getTotalData component. An attacker can manipulate the backend database and execute arbitrary SQL commands by injecting malicious SQL code into the input parameters. Note: This is a bypass f...

CVE-2024-57606

SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component...

PT-2025-6007 · Beijing Guoju Information Technology Co. · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: Beijing Guoju Information Technology Co., Ltd JeecgBoot version 3.7.2 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the getTotalData component. There is no information provided about the...

VulnCheck KEV: CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

JeecgBoot SQL Injection vulnerability

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

CVE-2024-48307

JeecgBoot v3.7.1 is affected by a SQL Injection vulnerability in the getTotalData endpoint (/onlDragDatasetHead/getTotalData). The CVE-2024-48307 entry, with CWE-89 and CVSS v3.1 score 9.8 (CRITICAL), indicates unauthenticated attackers could inject SQL to exfiltrate data. Related connected docum...