Jjcc20220820

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions up to 3.9.1 **Description** A security issue exists in JeecgBoot that allows for remote execution of attacks. The issue involves a SQL injection that occurs through manipulation of the `keyword` argument within an unknown function of the file /jeecgboot/sys/dict/loadDict/airag app,1,create by of the Backend Interface component. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 3.9.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot version 3.9.0 **Description** A flaw exists in JeecgBoot 3.9.0 related to SQL injection. This issue is present in the Online Report API component, specifically within the `/JeecgBoot/sys/api/loadDictItemByKeyword` endpoint. Manipulation of the `keyword` argument can lead to SQL injection. The exploit is publicly available and may be used to compromise systems remotely. The vendor was contacted but did not respond. **Recommendations** Apply a fix to address the SQL injection issue in the `/JeecgBoot/sys/api/loadDictItemByKeyword` endpoint. Sanitize the `keyword` argument to prevent SQL injection attacks.