Liaojialin

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.2 **Description** An issue exists in the JSON Object Handler component where the manipulation of the `condition` argument in the '/sys/dict/loadTreeData' endpoint allows for remote SQL injection. SQL injection is a technique where an attacker inserts malicious SQL statements into a query, potentially allowing them to manipulate or access the database. **Recommendations** Update to a version newer than 3.9.1. As a temporary workaround, restrict access to the '/sys/dict/loadTreeData' endpoint or avoid using the `condition` parameter until the update is applied.