SQL Injection Vulnerability in Jeecg-boot Product by Jeecg
CVE-2023-38905
5.5MEDIUM
What is CVE-2023-38905?
Jeecg-boot versions up to and including 3.5.0 are susceptible to an SQL injection vulnerability that can be exploited by a local attacker. This exploit allows the attacker to execute arbitrary SQL commands, potentially leading to a denial of service through functions such as Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE. Organizations using affected versions of Jeecg-boot should prioritize applying patches to mitigate the risk.