SQL Injection Vulnerability in Jeecg-Boot by Jeecg
CVE-2022-22880
9.8CRITICAL
What is CVE-2022-22880?
Jeecg-Boot v3.0 has been identified to have an SQL injection vulnerability that can be exploited through the 'code' parameter in the /jeecg-boot/sys/user/queryUserByDepId endpoint. This flaw could allow unauthorized users to execute arbitrary SQL queries, potentially leading to data compromise and unauthorized access to sensitive information.