Jeecg-boot is vulnerable to SQL injection
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
Advisories for Maven/Org.jeecgframework.boot/Jeecg-Boot-Base-Core package
2023
2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
In JeecgBoot, there is a SQL injection vulnerability that can operate the database with root privileges.