CVE-2023-1741: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

March 31, 2023 (updated April 15, 2023)

A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224629 was assigned to this vulnerability.

References

github.com/advisories/GHSA-23xf-5535-62v5
github.com/private-null/report/blob/main/README.md
nvd.nist.gov/vuln/detail/CVE-2023-1741
vuldb.com/?ctiid.224629
vuldb.com/?id.224629

Code Behaviors & Features

Detect and mitigate CVE-2023-1741 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →