来源

关联漏洞

描述

jeecg-boot unauthorized SQL Injection Vulnerability (CVE-2023-1454)

介绍

# CVE-2023-1454

## jeecg-boot unauthorized SQL Injection Vulnerability (CVE-2023-1454)

|   **Vulnerability**  | **jeecg-boot unauthorized SQL Injection Vulnerability (CVE-2023-1454)**  |
| :----:   | :-----|
|  **Chinese name**  | jeecg-boot 未授权SQL注入漏洞（CVE-2023-1454 |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [title=="JeecgBoot 企业级低代码平台"](https://fofa.info/result?qbase64=dGl0bGU9PSJKZWVjZ0Jvb3Qg5LyB5Lia57qn5L2O5Luj56CB5bmz5Y%2BwIg%3D%3Da) |
| **Number of assets affected**  | 3957 |
| **Description**  | JeecgBoot is a low -code development platform based on code generator. Java Low Code Platform for Enterprise web applications jeecg-boot(v3.5.0) latest unauthorized sql injection. |
| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. |

![](https://s3.bmp.ovh/imgs/2023/03/24/3886eecddee5f04a.gif)

**[Goby Official URL: https://gobies.org/](https://gobies.org/)** 

If you have a functional type of issue, you can raise an issue on GitHub or in the discussion group below:

1. GitHub issue: https://github.com/gobysec/Goby/issues
2. Telegram Group: http://t.me/gobies (Group benefits: enjoy the version update 1 month in advance) 
3. Telegram Channel: https://t.me/joinchat/ENkApMqOonRhZjFl (Channel benefits: enjoy the version update 1 month in advance) 
4. WeChat Group: First add my personal WeChat: **gobyteam**, I will add everyone to the official WeChat group of Goby. (Group benefits: enjoy the version update 1 month in advance) 

文件快照

 [4.0K]  /data/pocs/24dc9fefa3b4d6d7fe78784f8cc13ddf0d721253
└── [1.8K]  README.md

0 directories, 1 file

备注