CVE-2023-38905
MEDIUMjeecg_boot < 3.5.0 - SQL Injection via Multiple Functions
Title source: llmDescription
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://gist.github.com/wealeson1/e24fc8575f4e051320d69e9a75080642
Exploit, Issue Tracking
https://github.com/jeecgboot/jeecg-boot/issues/4737
Scores
CVSS v3
5.5
EPSS
0.0028
EPSS Percentile
19.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (2)
jeecg/jeecg_boot
< 3.5.0
org.jeecgframework.boot/jeecg-boot-parent
0Maven
Published
Aug 17, 2023
Tracked Since
Feb 18, 2026