Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-1454 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common

Description

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

Remediation

References

https://github.com/J0hnWalker/jeecg-boot-sqli

https://vuldb.com/?ctiid.223299

https://vuldb.com/?id.223299

Related Vulnerabilities

CVE-2015-1370 Vulnerability in maven package org.webjars:marked

CVE-2018-1000632 Vulnerability in maven package org.jenkins-ci.dom4j:dom4j

CVE-2020-7661 Vulnerability in maven package org.webjars.npm:url-regex

CVE-2022-23461 Vulnerability in maven package org.webjars.npm:jodit

CVE-2022-24999 Vulnerability in maven package org.webjars:qs

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Permissions Required VDB Entry NVD-CWE-noinfo