CVE-2024-48307

Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.7.1

Description A SQL injection vulnerability was discovered in JeecgBoot via the component /onlDragDatasetHead/getTotalData. This issue allows for potential SQL injection attacks. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For JeecgBoot version 3.7.1, as a temporary workaround, consider disabling the /onlDragDatasetHead/getTotalData component until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.