@wealeson1
wealeson1 / gist:e24fc8575f4e051320d69e9a75080642
Created August 17, 2023 13:41
CVE-2023-38905 Description
Vulnerability Description:
The vulnerability is a time-based blind SQL injection in the "/sys/duplicate/check" API endpoint. By encoding space characters as "%09" and calling the sleep() function, an attacker can perform time-delayed SQL injections against this endpoint, potentially compromising the security and integrity of the application's database.
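For triage on unpatched deployments, the following detection sketch flags access-log entries for this endpoint that combine the traits described above. It is an added example, not code from the gist or from jeecg-boot. The log layout (combined format with request time in seconds as the last field), the "/jeecg-boot" context path, the `param` placeholder name and the 3-second threshold are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

ENDPOINT = "/sys/duplicate/check"
# Assumed layout: combined access log with request time (seconds) as last field.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ (?P<rt>\d+(?:\.\d+)?)$'
)
WS_SUBSTITUTE = re.compile(r"[\t\n\x0b\x0c\r]")  # %09 and similar stand-ins for a space
DELAY_CALL = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)  # time-delay functions

# Constructed sample lines (not real traffic); "param" is a placeholder name.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Aug/2023:13:41:02 +0000] "GET /jeecg-boot/sys/duplicate/check?param=demo HTTP/1.1" 200 64 0.012',
    '203.0.113.9 - - [17/Aug/2023:13:41:05 +0000] "GET /jeecg-boot/sys/duplicate/check?param=x%09or%09sleep(5) HTTP/1.1" 200 64 5.018',
    '203.0.113.9 - - [17/Aug/2023:13:41:11 +0000] "GET /jeecg-boot/sys/duplicate/check?param=x%2509or%2509SLEEP%25285%2529 HTTP/1.1" 200 64 5.021',
    '198.51.100.4 - - [17/Aug/2023:13:42:00 +0000] "GET /jeecg-boot/sys/user/list?name=sleep%09well HTTP/1.1" 200 512 0.030',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded %2509 is also seen as a tab."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(line, slow_seconds=3.0):
    """Return a finding dict for a suspicious request to ENDPOINT, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith(ENDPOINT):  # tolerate any servlet context path
        return None
    query = fully_decode(url.query)
    signals = []
    if WS_SUBSTITUTE.search(query):
        signals.append("whitespace-substitute")
    if DELAY_CALL.search(query):
        signals.append("delay-function")
    if float(m["rt"]) >= slow_seconds:
        signals.append("slow-response")
    return {"ip": m["ip"], "signals": signals} if signals else None

def scan(lines):
    """Inspect every line and keep only the findings."""
    return [finding for finding in map(inspect, lines) if finding]
```

Only query-string parameters are inspected, so requests that carry parameters in a body need the same checks applied at the application or WAF layer.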
Tested Version(s):
Versions prior to jeecg-boot 3.5.0, released on 2023-03-08
Acknowledgment and Fix:
The jeecg-boot project authors have acknowledged the presence of this vulnerability and have taken steps to address it. The fix for this vulnerability can be found in the project's GitHub repository issue #4737: https://github.com/jeecgboot/jeecg-boot/issues/4737.