漏洞描述
Jeecg-Boot v3.5.1 存在SQL注入漏洞,攻击者可以通过在/sys/dict/loadTreeData接口的title参数中注入恶意SQL语句,导致未经授权访问敏感数据。
Jeecg-Boot /sys/dict/loadTreeData SQL 注入漏洞(CVE-2023-38992)
PoC代码
暂无相关漏洞推荐
- POCjeecg-boot-unauth: Jeecg Boot Unauth
- POCjeecg-boot-getdictitemsbytable-sqli: jeecg-boot getDictItemsByTable接口存在SQL注入漏洞
- POCjeecg-boot-jmreport-upload: jeecg-boot-jmreport接口任意文件上传漏洞
- POCJeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞: Jeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞
- 无POCJeecg-Boot /sys/dict/queryTableData SQL 注入漏洞(CVE-2022-45205)
- POCCVE-2023-1454: Jeecg-boot 3.5.0 qurestSql - SQL Injection
- POCCVE-2023-38992: Jeecg-Boot v3.5.1 - SQL Injection
- POCCVE-2023-1454: Jeecg-boot 3.5.0 qurestSql - SQL Injection
- POCCVE-2023-38992: Jeecg-Boot v3.5.1 - SQL Injection
- 无POCJeecg-boot /api/sys/ng-alain/getDictItemsByTable SQL 注入漏洞