SQL Injection in Jeecg-boot v3.0 from Jeecg Technology
CVE-2022-22881

9.8CRITICAL

Key Information:

Vendor: Jeecg
Status: Jeecg Boot
Vendor: CVE Published:; 16 February 2022

What is CVE-2022-22881?

Jeecg-boot version 3.0 is vulnerable to a SQL injection attack through the 'code' parameter in the '/sys/user/queryUserComponentData' endpoint. This flaw allows attackers to manipulate SQL queries, potentially granting them unauthorized access to sensitive user information and compromising the integrity of the database. Proper input validation and parameterized queries are crucial to mitigating this risk.

References

https://github.com/jeecgboot/jeecg-boot/issues/3348

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2022
Vulnerability Reserved
Jan 10, 2022

JSON