CVE-2023-34603

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jun 19, 2023

Updated: Jun 27, 2023

CWE ID 89

Summary

CVE-2023-34603 is a newly identified SQL injection vulnerability affecting JeecgBoot, an open-source Bootstrap-based Java CMS platform, up to version 3.5.1. The issue lies within the queryFilterTableDictInfo function in the SystemApiController component. An attacker can exploit this weakness by injecting malicious SQL queries through user inputs, potentially gaining unauthorized access to sensitive data or executing arbitrary SQL commands. System administrators are strongly advised to update their JeecgBoot installations to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rsirxM
https://www.cve.org/CVERecord?id=CVE-2023-34603
https://nvd.nist.gov/vuln/detail/CVE-2023-34603

Back to Vulnerability Database

CVE-2023-34603

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations