Vulnerability Description:
The "/sys/duplicate/check" API endpoint is vulnerable to time-based blind SQL injection. By encoding space characters as "%09" and calling the sleep() function, an attacker can perform time-delayed SQL injection, potentially compromising the security and integrity of the application's database.
Tested Version(s):
Versions prior to jeecg-boot 3.5.0, released on 2023-03-08
Acknowledgment and Fix:
The jeecg-boot project authors have acknowledged this vulnerability and have taken steps to address it. The fix can be found in the project's GitHub repository issue #4737: https://github.com/jeecgboot/jeecg-boot/issues/4737.
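One way to look for this pattern in web access logs, as an added example that is not part of the original advisory or the jeecg-boot project: it flags requests to "/sys/duplicate/check" whose decoded query string contains non-space whitespace or a sleep() call, and notes when the response was also slow. The log layout (combined format with the request time appended), the "/jeecg-boot" path prefix, the parameter name "p" and the sample lines are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "/sys/duplicate/check"  # endpoint named in the advisory
# sleep() is the function named in the advisory; extend the pattern for your database.
DELAY_FN = re.compile(r"\bsleep\s*\(", re.IGNORECASE)
# Whitespace other than a plain space: tab (%09) plus LF, CR, VT, FF.
ODD_WS = re.compile(r"[\t\n\r\x0b\x0c]")
# Assumed layout: combined log format with the request time in seconds appended.
LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ (?P<rt>\d+\.\d+)$')

# Constructed sample lines; the parameter name "p" is a placeholder.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2023:10:00:00 +0000] "GET /jeecg-boot/sys/duplicate/check?p=demo HTTP/1.1" 200 52 0.012',
    '10.0.0.9 - - [01/Mar/2023:10:00:07 +0000] "GET /jeecg-boot/sys/duplicate/check?p=x%09and%09sleep(5) HTTP/1.1" 200 52 5.031',
    '10.0.0.9 - - [01/Mar/2023:10:00:09 +0000] "GET /jeecg-boot/sys/duplicate/check?p=x%09and%09SLEEP%285%29 HTTP/1.1" 500 30 0.009',
    '10.0.0.7 - - [01/Mar/2023:10:00:11 +0000] "GET /jeecg-boot/sys/user/list?p=sleep(1) HTTP/1.1" 200 90 0.020',
]

def classify(line, slow_seconds=3.0):
    """Return the reasons a log line matches the advisory's pattern, or []."""
    m = LINE.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    if not url.path.endswith(ENDPOINT):
        return []
    query = url.query
    for _ in range(3):  # bounded re-decoding so nested percent-encoding is normalised
        decoded = unquote(query)
        if decoded == query:
            break
        query = decoded
    reasons = []
    if ODD_WS.search(query):
        reasons.append("control-whitespace")
    if DELAY_FN.search(query):
        reasons.append("delay-function")
    # A slow response only counts as corroboration that the delay actually ran.
    if reasons and float(m["rt"]) >= slow_seconds:
        reasons.append("delay-observed")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every flagged line."""
    hits = ((n, classify(l)) for n, l in enumerate(lines, 1))
    return [(n, r) for n, r in hits if r]
```

Calling scan(SAMPLE_LOG) flags lines 2 and 3; only line 2 carries "delay-observed", which separates a request where the delay took effect from one that was rejected quickly.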