CVE-2023-41542

SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.

Published: Dec 30, 2023
Updated: May 9, 2024
CVE: CVE-2023-41542
GHSA: GHSA-5v9r-788c-wc8p
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
org.jeecgframework.boot / jeecg-boot-common	-	3.5.3.x
jeecg / jeecg_boot	-	3.5.3.x

https://pho3n1x-web.github.io/2023/09/15/CVE-2023-41542%28JeecgBoot_sql%29
https://pho3n1x-web.github.io/2023/09/15/CVE-2023-41542%28JeecgBoot_sql%29/

Vulnerability Database

CVE-2023-41542