CVE-2023-40989

Name of the Vulnerable Software and Affected Versions jeecg-boot versions 3.0 through 3.5.3

Description The issue allows a remote attacker to execute arbitrary code via a crafted request to the "report/jeecgboot/jmreport/queryFieldBySql" component. This enables the attacker to inject SQL code, potentially leading to unauthorized data access or modification.

Recommendations For versions 3.0 through 3.5.3, consider disabling access to the report/jeecgboot/jmreport/queryFieldBySql component until a patch is available. Restrict access to the queryFieldBySql component to minimize the risk of exploitation. Avoid using the report/jeecgboot/jmreport/queryFieldBySql component in production environments until the issue is resolved.