Critical severity · NVD Advisory · Published Mar 17, 2023 · Updated Aug 2, 2024
jeecg-boot qurestSql SQL injection
CVE-2023-1454
Description
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. It affects an unknown part of the file jmreport/qurestSql. Manipulation of the argument apiSelectId leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jeecgframework.boot:jeecg-boot-common (Maven) | <= 3.5.0 | — |
Affected products
- jeecg-boot/jeecg-boot (source: description)
References
- github.com/advisories/GHSA-j72f-4hgp-3mwc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-1454 (ghsa, ADVISORY)
- vuldb.com (ghsa, signature, permissions-required, WEB)
- vuldb.com (ghsa, vdb-entry, technical-description, WEB)