PT-2023-16995 · Unknown · Jeecg-Boot

Last Moooooonster · Published 2023-03-17 · Updated 2026-01-02 · CVE-2023-1454

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

jeecg-boot version 3.5.0

Description

A critical vulnerability has been found in jeecg-boot, affecting an unknown part of the file jmreport/qurestSql. Manipulation of the apiSelectId argument leads to SQL injection. The attack can be initiated remotely.

Recommendations

For jeecg-boot version 3.5.0, as a temporary workaround, consider restricting access to the jmreport/qurestSql file and avoid using the apiSelectId argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
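
One way to check from web-server access logs that the workaround above is actually in effect, as an added example that is not part of the advisory or of jeecg-boot: it flags requests that reached jmreport/qurestSql from outside an allowlisted network without being refused. The allowed network, the refusal status codes, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Path named in the advisory; the URL prefix varies by deployment, so match the suffix.
ENDPOINT_SUFFIX = "/jmreport/qurestsql"
# Assumptions: the network still allowed in, and the statuses the front end uses to refuse.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
DENY_STATUSES = {"403", "404"}
# Combined log format: client, identity, user, [time], "METHOD target proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalize_path(target):
    """Reduce a request target to the form a deny rule should be compared against."""
    path = target.split("?", 1)[0]
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    # Drop ';param' suffixes per segment, then empty and '.' segments.
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    return "/" + "/".join(s for s in segments if s not in ("", ".")).lower()

def audit(lines):
    """Return (client, method, status) for unrefused requests to the endpoint from outside ALLOWED_NETS."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalize_path(m.group(3)).endswith(ENDPOINT_SUFFIX):
            continue
        client, method, _, status = m.groups()
        try:
            inside = any(ipaddress.ip_address(client) in net for net in ALLOWED_NETS)
        except ValueError:  # client logged as a hostname: treat as external
            inside = False
        if not inside and status not in DENY_STATUSES:
            findings.append((client, method, status))
    return findings

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Mar/2023:10:00:01 +0000] "POST /app/jmreport/qurestSql HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Mar/2023:10:00:02 +0000] "POST /app/jmreport/qurestSql HTTP/1.1" 403 0',
    '10.20.0.15 - - [17/Mar/2023:10:00:03 +0000] "POST /app/jmreport/qurestSql HTTP/1.1" 200 498',
    '198.51.100.9 - - [17/Mar/2023:10:00:04 +0000] "POST /app//jmreport/%71urestSql;v=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [17/Mar/2023:10:00:05 +0000] "GET /app/sys/login HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any finding means the restriction is missing or is being matched against the raw rather than the normalized path. The apiSelectId argument itself is not inspected, since request bodies do not appear in access logs.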

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-1454
GHSA-J72F-4HGP-3MWC

Affected Products

Jeecg-Boot