PT-2022-12563 · Unknown · Jeecg-Boot

Deep0 · Published 2022-01-25 · Updated 2022-01-28 · CVE-2021-46089

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: JeecgBoot version 3.0

Description: The issue is a SQL injection vulnerability that allows an attacker to operate on the database with root privileges. A patch has been released on the repository's master branch.

Recommendations: For JeecgBoot version 3.0, update to the patched version available on the master branch to resolve the issue. As a temporary workaround, consider restricting database access to minimize the risk of exploitation.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2021-46089
GHSA-26HM-R6MG-963C

Affected Products

Jeecg-Boot