CVE-2023-1741: jeecg-boot Sleep Command SysDictMapper.java sql injection
First published: Thu Mar 30 2023(Updated: )
A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224629 was assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jeecg Jeecg Boot | =3.5.0 | |
| =3.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1741?
The severity of CVE-2023-1741 is critical with a CVSS score of 9.8.
What is CVE-2023-1741?
CVE-2023-1741 is a vulnerability in jeecg-boot 3.5.0 that allows for SQL injection through the Sleep Command Handler.
How can this vulnerability be exploited?
This vulnerability can be exploited remotely to launch SQL injection attacks.
Which software versions are affected by CVE-2023-1741?
The vulnerability affects jeecg-boot 3.5.0.
Is there a fix available for CVE-2023-1741?
Yes, it is recommended to update jeecg-boot to a version that has fixed the vulnerability.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/title
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/jeecg
- canonical/jeecg jeecg boot
- version/jeecg jeecg boot/3.5.0