CVE-2023-40989

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 22, 2023

Updated: Sep 25, 2023

CWE ID 89

Summary

CVE-2023-40989 is a newly disclosed SQL injection vulnerability affecting jeecgboot's jeecg-boot version 3.0 and 3.5.3. This issue enables remote attackers to inject malicious SQL code into the report/jeecgboot/jmreport/queryFieldBySql component, ultimately leading to the execution of arbitrary code. Successful exploitation of this vulnerability can result in significant data breaches or system compromises. Users are strongly advised to update their jeecg-boot installations to a secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

JEECG

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sbNU8F
https://www.cve.org/CVERecord?id=CVE-2023-40989
https://nvd.nist.gov/vuln/detail/CVE-2023-40989

Back to Vulnerability Database

CVE-2023-40989

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations