CVE-2023-1454 – jeecg-boot qurestSql SQL injection
https://notcve.org/view.php?id=CVE-2023-1454
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. It affects an unknown part of the file jmreport/qurestSql. Manipulating the argument apiSelectId leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/Sweelg/CVE-2023-1454-Jeecg-Boot-qurestSql-SQLvuln
• https://github.com/cjybao/CVE-2023-1454
• https://github.com/padbergpete47/CVE-2023-1454
• https://github.com/gobysec/CVE-2023-1454
• https://github.com/BugFor-Pings/CVE-2023-1454
• https://github.com/3yujw7njai/CVE-2023-1454-EXP
• https://github.com/shad0w0sec/CVE-2023-1454-EXP
• https://github.com/J0hnWalker/jeecg-boot-sqli
• https://vuldb.com/?ctiid.223299
• https://vuldb.com/?id.223299
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-24789
https://notcve.org/view.php?id=CVE-2023-24789
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
• https://github.com/jeecgboot/jeecg-boot/issues/4511
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-37304
https://notcve.org/view.php?id=CVE-2021-37304
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
• https://github.com/jeecgboot/jeecg-boot/issues/2793
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-37306
https://notcve.org/view.php?id=CVE-2021-37306
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via the API URI /sys/user/checkOnlyUser?username=admin.
• https://github.com/jeecgboot/jeecg-boot/issues/2794
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-37305
https://notcve.org/view.php?id=CVE-2021-37305
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via the API URI /sys/user/querySysUser?username=admin.
• https://github.com/jeecgboot/jeecg-boot/issues/2794
• CWE-732: Incorrect Permission Assignment for Critical Resource