SQL Injection Vulnerability in Jeecg-Boot Framework from Jeecg
CVE-2022-45208

4.3MEDIUM

Key Information:

Vendor

Jeecg

Vendor
CVE Published:
25 November 2022

What is CVE-2022-45208?

Jeecg-Boot v3.4.3 contains a vulnerability that allows an attacker to execute arbitrary SQL queries through the /sys/user/putRecycleBin component. This may lead to unauthorized access to the database, data leakage, or manipulation of the underlying database structure. It is crucial for users of this framework to apply necessary updates or patches to mitigate risks associated with this vulnerability.

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.