PT-2023-6685 · Unknown · Jeecg-Boot

Hi-Unc1Ementioned · Published 2023-05-25 · Updated 2023-06-23 · CVE-2023-34659

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: jeecg-boot versions 3.5.0 through 3.5.1

Description: The issue is a SQL injection vulnerability caused by the absence of protection for the SQL query structure when the id parameter is processed. A remote attacker can exploit it to execute arbitrary SQL queries. The vulnerability is specific to the /jeecg-boot/jmreport/show interface.

Recommendations: For versions 3.5.0 and 3.5.1, consider restricting access to the /jeecg-boot/jmreport/show interface until a patch is available. Avoid using the id parameter in the affected interface until the issue is resolved. As a temporary workaround, consider implementing input validation and sanitization for the id parameter to minimize the risk of exploitation.
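The following Java example illustrates the two defensive measures the recommendation describes: an allow-list check on the id parameter and a parameterized query that fixes the SQL structure before the value is bound. It is an added illustration, not Jeecg-Boot's own code; the class name ReportShowService, the table and column names, and the hex-digit id format are assumptions made for the example.

```java
// Added illustrative example, not code from Jeecg-Boot. ReportShowService,
// report_table, its columns and the id format are hypothetical placeholders.
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

public class ReportShowService {

    // Allow-list for the id parameter: a bounded string of hex digits
    // (assumed format for illustration; adapt to the real identifier scheme).
    private static final Pattern ID_PATTERN = Pattern.compile("^[0-9a-fA-F]{1,32}$");

    // Vulnerable pattern: the raw id is spliced into the SQL text, so the
    // query structure itself depends on caller-controlled input.
    static String unsafeQuery(String id) {
        return "SELECT name, config FROM report_table WHERE id = '" + id + "'";
    }

    // First mitigation: reject any id that does not match the expected shape.
    static String validateId(String id) {
        if (id == null || !ID_PATTERN.matcher(id).matches()) {
            throw new IllegalArgumentException("invalid report id");
        }
        return id;
    }

    // Second mitigation: bind the value with a PreparedStatement so the SQL
    // structure is fixed before the parameter value is supplied.
    static String loadReportName(Connection conn, String id) throws SQLException {
        String safeId = validateId(id);
        String sql = "SELECT name FROM report_table WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, safeId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("name") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs for illustration.
        String benign = "1a2b3c";
        String malformed = "abc'def";

        System.out.println("unsafe SQL built from input: " + unsafeQuery(malformed));
        try {
            validateId(malformed);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("accepted: " + validateId(benign));
    }
}
```

Validation alone is a stop-gap, as the recommendation notes; the parameterized query is what actually removes the injection path, because the database receives the id as data rather than as part of the statement text.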

Exploit

Fix

SQL injection


Weakness Enumeration

Related identifiers

BDU:2023-07455
CVE-2023-34659
GHSA-934G-FVCC-4833

Affected products

Jeecg-Boot