3 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the isExistSqlInjectKeyword function. An attacker can execute unauthorized SQL commands by submitting crafted input to this endpoint. Remediation There is no fixed version for...
SQL Injection
org.jeecgframework.boot, jeecg-boot-base-core is vulnerable to SQL Injection. The vulnerability is due to improper handling of SQL queries in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows an attacker to bypass SQL blacklist restrictions...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the /onlDragDatasetHead/getTotalData component. An attacker can manipulate the backend database and execute arbitrary SQL commands by injecting malicious SQL code into the input parameters. Note: This is a bypass f...