CVE-2019-1010201

Name of the Vulnerable Software and Affected Versions: Jeesite versions prior to 4.0

Description: The issue affects the updateProcInsIdByBusinessId() function in src/main/java/com/thinkgem/jeesite/modules/act/ActDao.java, allowing for SQL Injection. This can lead to sensitive information disclosure. The attack vector involves network connectivity and requires authentication.

Recommendations: For versions prior to 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the updateProcInsIdByBusinessId() function until a patch is available.