Unknown · Jeecg-Boot · CVE-2023-1454
**Name of the Vulnerable Software and Affected Versions**
jeecg-boot version 3.5.0
**Description**
A critical vulnerability has been found in jeecg-boot, affecting an unknown part of the file jmreport/qurestSql. The manipulation of the `apiSelectId` argument leads to sql injection. It is possible to initiate the attack remotely.
**Recommendations**
For jeecg-boot version 3.5.0, as a temporary workaround, consider restricting access to the `jmreport/qurestSql` file and avoid using the `apiSelectId` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.