CVE-2024-48307

CRITICAL EXPLOITED NUCLEI

JeecgBoot 3.7.1 - SQL Injection via /onlDragDatasetHead/getTotalData

Title source: llm

Exploitation Summary

CVE-2024-48307 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including iSee857, jisi-001. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script sends a crafted JSON payload to the '/session' endpoint to obtain a session ID, then executes the 'id' command via the '/session/{id}/shell' endpoint, verifying RCE by checking for 'uid=' and 'gid=' in the response.

Description

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.

Exploits (2)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/JeecgBoot(CVE-2024-48307).py

View Code ZIP pw:eip

The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script sends a crafted JSON payload to the '/session' endpoint to obtain a session ID, then executes the 'id' command via the '/session/{id}/shell' endpoint, verifying RCE by checking for 'uid=' and 'gid=' in the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenCode (version not specified)

No auth needed

Prerequisites: Network access to the target · OpenCode service running and accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC 1 stars

by jisi-001 · infoleak

https://github.com/jisi-001/CVE-2024-48307POC

View Code ZIP pw:eip

This repository contains a Python-based PoC for CVE-2024-48307, which exploits a SQL injection vulnerability in the jeecg-boot getDictItemsByTable API. The script checks for the presence of the vulnerability by sending crafted requests and verifying the response for specific indicators.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: jeecg-boot

No auth needed

Prerequisites: Network access to the target system · Target system running vulnerable jeecg-boot software

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

JeecgBoot v3.7.1 - SQL Injection

CRITICALby lbb,s4e-io

Shodan: http.favicon.hash:"1380908726"

FOFA: icon_hash="-250963920" || icon_hash=1380908726 || title="jeecg-boot"

References (3)

Core 3

Core References

Product

https://github.com/jeecgboot

Product

https://github.com/jeecgboot/JeecgBoot

Exploit, Issue Tracking

https://github.com/jeecgboot/JeecgBoot/issues/7237

Scores

CVSS v3 9.8

EPSS 0.9221

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2024-12-24

CWE

CWE-89

Status published

Products (2)

jeecg/jeecg_boot 3.7.1

org.jeecgframework.boot/jeecg-boot-parent 0Maven

Published Oct 31, 2024

Tracked Since Feb 18, 2026