SQL Injection in Jeecg-boot v3.0 from Jeecg Technology
CVE-2022-22881
9.8CRITICAL
What is CVE-2022-22881?
Jeecg-boot version 3.0 is vulnerable to a SQL injection attack through the 'code' parameter in the '/sys/user/queryUserComponentData' endpoint. This flaw allows attackers to manipulate SQL queries, potentially granting them unauthorized access to sensitive user information and compromising the integrity of the database. Proper input validation and parameterized queries are crucial to mitigating this risk.