Description
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
Remediation
References
https://github.com/Zone1-Z/CVE-2023-40989/blob/main/CVE-2023-40989
Related Vulnerabilities
CVE-2019-12395 Vulnerability in maven package us.dynmap:dynmap
CVE-2023-39022 Vulnerability in maven package opensymphony:oscore
CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-common_2.11
CVE-2021-43090 Vulnerability in maven package com.predic8:soa-model-core
CVE-2018-12023 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind