CVE-2023-1454

Опубликовано: 17 мар. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 6.5

EPSS Критический

Описание

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

Ссылки

https://github.com/J0hnWalker/jeecg-boot-sqli
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.223299
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.223299
Third Party Advisory
VDB Entry
https://github.com/J0hnWalker/jeecg-boot-sqli
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.223299
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.223299
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jeecg:jeecg_boot:3.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.93335

Критический

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-j72f-4hgp-3mwc

CVSS3: 9.8

github

почти 3 года назад

jeecg-boot SQL Injection vulnerability

EPSS

Процентиль: 100%

0.93335

Критический

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89