CVE-2023-38905

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2023
Updated: Aug 23, 2023
CWE ID 89

Summary

CVE-2023-38905 is a SQL injection vulnerability affecting Jeecg-boot version 3.5.0 and earlier. An attacker located on the same network can exploit it by injecting crafted SQL statements to cause a denial of service. Specifically, the vulnerability can be triggered through functions such as Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE. This issue poses a serious risk to organizations using the affected versions of Jeecg-boot and highlights the importance of promptly applying security patches.
