CVE-2023-34601

Name of the Vulnerable Software and Affected Versions Jeesite versions before commit 10742d3

Description The issue is a SQL injection vulnerability. It occurs via the component ${businessTable} at the /act/ActDao.xml endpoint.

Recommendations For versions before commit 10742d3, update to a version that includes commit 10742d3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /act/ActDao.xml endpoint to minimize the risk of exploitation. Avoid using the ${businessTable} component in the affected endpoint until the issue is resolved.