CVE-2023-40989

CRITICAL

Jeecg-boot <3.5.3 - SQL Injection

Title source: llm

Description

SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

Exploits (1)

nomisec NO CODE

by Zone1-Z · poc

https://github.com/Zone1-Z/CVE-2023-40989

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/Zone1-Z/CVE-2023-40989/blob/main/CVE-2023-40989

Scores

CVSS v3 9.8

EPSS 0.4283

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (3)

jeecg/jeecg_boot 3.0

jeecg/jeecg_boot 3.5.3

org.jeecgframework.boot/jeecg-boot-common 0 - 3.6.0Maven

Published Sep 22, 2023

Tracked Since Feb 18, 2026