jeecg-boot Sleep Command SysDictMapper.java sql injection
CVE-2023-1741

9.8 CRITICAL

Key Information:

Vendor: Jeecg
CVE Published: 30 March 2023

What is CVE-2023-1741?

A vulnerability exists in Jeecg-Boot 3.5.0, specifically within the Sleep Command Handler's SysDictMapper.java file. This issue allows for SQL injection attacks, which can be executed remotely. The exploit has been made public, potentially enabling attackers to manipulate database queries without proper authorization, posing significant risks to data integrity and confidentiality.

Affected Version(s)

jeecg-boot 3.5.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

xuanshao (VulDB User)