CVE-2023-4450: jeecgboot JimuReport Template injection
First published: Mon Aug 21 2023(Updated: )
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jeecg Jimureport | <1.6.1 | |
| <1.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-4450.
What is the severity of CVE-2023-4450?
The severity of CVE-2023-4450 is critical (9.8).
What is the affected software version for CVE-2023-4450?
The affected software version for CVE-2023-4450 is jeecgboot JimuReport up to 1.6.0 (up to exclusive).
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-4450?
The Common Weakness Enumeration (CWE) ID for CVE-2023-4450 is CWE-74.
How can the CVE-2023-4450 vulnerability be exploited?
The CVE-2023-4450 vulnerability can be exploited remotely through injection in the component Template Handler.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/title
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- vendor/jeecg
- canonical/jeecg jimureport