jeecg-boot Sleep Command SysDictMapper.java sql injection
Description
A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224629 was assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
jeecg-boot 3.5.0 is vulnerable to SQL injection via SysDictMapper.java, allowing remote attackers to execute arbitrary SQL commands.
Vulnerability Overview
CVE-2023-1741 is a SQL injection vulnerability found in jeecg-boot version 3.5.0. The flaw resides in the SysDictMapper.java file, specifically within the "Sleep Command Handler" component. The vulnerability stems from improper sanitization of user-supplied input, allowing an attacker to inject arbitrary SQL commands into database queries. [1][2]
Exploitation
The attack can be carried out remotely, without requiring any prior authentication according to the available details. The exploit has been publicly disclosed, increasing the risk of active exploitation. The attacker can send crafted requests to the vulnerable endpoint to trigger SQL injection. [2]
Impact
Successful exploitation could allow an attacker to execute arbitrary SQL statements, potentially leading to unauthorized access to sensitive data, modification of database content, or even full compromise of the underlying database server. [2]
Mitigation
As of the publication date (2023-03-30), no official patch has been confirmed for this specific issue in jeecg-boot 3.5.0. Users are advised to upgrade to the latest version of jeecg-boot (if available) or implement input validation and parameterized queries as a workaround. It is also recommended to monitor the project's repository for security updates. [1]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jeecgframework.boot:jeecg-boot-parent (Maven) | <= 3.5.0 | — |
Affected products
- jeecg-boot/jeecg-boot (description)
Patches
No patches discovered yet.
References
- github.com/private-null/report/blob/main/README.md (ghsa, broken-link, exploit, WEB)
- github.com/advisories/GHSA-23xf-5535-62v5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-1741 (ghsa, ADVISORY)
- vuldb.com (ghsa, signature, permissions-required, WEB)
- vuldb.com (ghsa, vdb-entry, technical-description, WEB)