SQL Injection Vulnerability in Jeecg-Boot CMS by Jeecg
CVE-2020-28087

7.5 HIGH

Key Information:

Vendor: Jeecg

CVE Published: 6 August 2021

What is CVE-2020-28087?

A SQL injection vulnerability exists in Jeecg-Boot CMS version 2.3, specifically in the /jeecg-boot/sys/dict/loadtreedata endpoint. This weakness allows attackers to manipulate SQL queries and thereby gain unauthorized access to sensitive database information. Users and administrators of this CMS should implement security measures to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
