Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-1454 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common

Description

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

Remediation

References

https://github.com/J0hnWalker/jeecg-boot-sqli

https://vuldb.com/?ctiid.223299

https://vuldb.com/?id.223299

Related Vulnerabilities

CVE-2022-35697 Vulnerability in maven package com.adobe.cq:core.wcm.components.core

CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-common_2.11

CVE-2021-32828 Vulnerability in maven package org.nuxeo.ecm.platform:nuxeo-platform-oauth

CVE-2020-36188 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2021-41165 Vulnerability in npm package ckeditor4

Severity

Critical

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Permissions Required VDB Entry