Zone1-Z

1 exploit Active since Sep 2023
CVE-2023-40989 NOMISEC CRITICAL NO CODE
jeecg-boot < 3.6.0 - SQL Injection via Report Query Field Endpoint
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
CVSS 9.8