CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Snyk•added 2025/02/08 12:32 a.m.•3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through the /onlDragDatasetHead/getTotalData component. An attacker can manipulate the backend database and execute arbitrary SQL commands by injecting malicious SQL code into the input parameters. Note: This is a bypass f...

9.8CVSS8.6AI score0.92209EPSS

Exploits2References2

VulnCheck KEV•added 2024/12/24 12:0 a.m.•0 views

VulnCheck KEV: CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

9.8CVSS5.8AI score0.92209EPSS

Exploits1References1

OSV•added 2024/10/31 3:30 a.m.•9 views

GHSA-MCW3-H5XG-R95M JeecgBoot SQL Injection vulnerability

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

9.8CVSS9.8AI score0.92209EPSS

Exploits1References4

Github Security Blog•added 2024/10/31 3:30 a.m.•13 views

JeecgBoot SQL Injection vulnerability

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

9.8CVSS8.2AI score0.92209EPSS

Exploits1References5Affected Software1

NVD•added 2024/10/31 1:15 a.m.•19 views

CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

9.8CVSS0.92209EPSS

Exploits1References3

CVE•added 2024/10/31 12:0 a.m.•72 views

CVE-2024-48307

JeecgBoot v3.7.1 is affected by a SQL Injection vulnerability in the getTotalData endpoint (/onlDragDatasetHead/getTotalData). The CVE-2024-48307 entry, with CWE-89 and CVSS v3.1 score 9.8 (CRITICAL), indicates unauthenticated attackers could inject SQL to exfiltrate data. Related connected docum...

9.8CVSS8.3AI score0.92209EPSS

In wildExploits1References3Affected Software1