jeecgboot JimuReport Template injection
CVE-2023-4450

6.3MEDIUM

Key Information:

Vendor

Jeecgboot

Status
Jimureport
Vendor
CVE Published:
21 August 2023

What is CVE-2023-4450?

A vulnerability exists within the Jeecgboot JimuReport software, specifically concerning the Template Handler component. This remote exploitation vulnerability allows attackers to manipulate the functionality in a way that leads to injection attacks. Successful exploitation could enable unauthorized actions on the affected system. Users are advised to upgrade to version 1.6.1 or later to mitigate the risks associated with this vulnerability. The information has been publicly disclosed, increasing the urgency for remediation to protect against potential attacks.

Affected Version(s)

JimuReport 1.0

JimuReport 1.1

JimuReport 1.2

References

https://vuldb.com/?id.237571
vdb-entrytechnical-description
https://vuldb.com/?ctiid.237571
signaturepermissions-required
https://github.com/keecth/bug/blob/main/jimureport%20ssti...
broken-linkexploitissue-tracking

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

keecth (VulDB User)
.