Vulnerability | jeecg-boot unauthorized SQL Injection Vulnerability (CVE-2023-1454) |
---|---|
Chinese name | jeecg-boot 未授权SQL注入漏洞(CVE-2023-1454 |
CVSS core | 9.8 |
FOFA Query (click to view the results directly) | title=="JeecgBoot 企业级低代码平台" |
Number of assets affected | 3957 |
Description | JeecgBoot is a low -code development platform based on code generator. Java Low Code Platform for Enterprise web applications jeecg-boot(v3.5.0) latest unauthorized sql injection. |
Impact | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. |
Goby Official URL: https://gobies.org/
If you have a functional type of issue, you can raise an issue on GitHub or in the discussion group below:
- GitHub issue: https://github.com/gobysec/Goby/issues
- Telegram Group: http://t.me/gobies (Group benefits: enjoy the version update 1 month in advance)
- Telegram Channel: https://t.me/joinchat/ENkApMqOonRhZjFl (Channel benefits: enjoy the version update 1 month in advance)
- WeChat Group: First add my personal WeChat: gobyteam, I will add everyone to the official WeChat group of Goby. (Group benefits: enjoy the version update 1 month in advance)