4 matches found
CVE-2026-3672
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
CVE-2026-3672
JeecgBoot up to 3.9.1 contains a SQL injection flaw in isExistSqlInjectKeyword, located in /jeecg-boot/sys/api/getDictItems, allowing remote exploitation. The exploit has been disclosed publicly. No remediation details are provided in the supplied documents.
JeecgBoot SQL注入漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an SQL injection vulnerability. This vulnerability stems from incorrect operations on the isExistSqlInjectKeyword function in the...