CVE-2023-34659
published 2023-06-16CVE-2023-34659: jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
PriorityP180critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
12.48%
95.7th percentile
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jeecg | jeecg_boot | — | — |
| jeecg | jeecg_boot | — | — |
Detection & IOCsextracted from sources · hover to see the quote
command{"id":"961455b47c0b86dc961e90b5893bff05","apiUrl":"","params":"{\"id\":\"1' or '%1%' like (updatexml(0x3a,concat(1,(version())),1)) or '%%' like '\"}"}
- →Look for POST requests to /jeecg-boot/jmreport/show with a JSON body containing SQL injection payloads in the nested 'id' parameter (e.g., updatexml-based error injection).
- →Detect exploitation by matching response body for XPATH syntax error or SQLException strings, combined with Content-Type: application/json in the response header and HTTP 200 status.
- →Content-Type header of the request must be application/json;charset=UTF-8 for this attack vector.
- →Identify JeecgBoot instances via Shodan favicon hash 1380908726 or FOFA icon_hash=1380908726 for asset discovery.
- ·Vulnerability affects JeecgBoot versions 3.5.0 and 3.5.1 only; other versions are not confirmed vulnerable.
- ·The SQL injection is unauthenticated (PR:N), making it exploitable without credentials, which increases exposure risk.
- ·EPSS score of 0.91195 (99.648th percentile) indicates very high real-world exploitation probability; prioritize detection and patching.
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
jeecg-boot SQL injection vulnerability
osv·2023-06-16
CVE-2023-34659 [CRITICAL] jeecg-boot SQL injection vulnerability
jeecg-boot SQL injection vulnerability
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the `id` parameter of the `/jeecg-boot/jmreport/show` interface.
GHSA
jeecg-boot SQL injection vulnerability
ghsa·2023-06-16
CVE-2023-34659 [CRITICAL] CWE-89 jeecg-boot SQL injection vulnerability
jeecg-boot SQL injection vulnerability
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the `id` parameter of the `/jeecg-boot/jmreport/show` interface.
VulnCheck
jeecg jeecg-boot Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2023·CVSS 9.8
CVE-2023-34659 [CRITICAL] jeecg jeecg-boot Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
jeecg jeecg-boot Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
Affected: jeecg jeecg-boot
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-27&host_type=src&vulnerability=cve-2023-34659; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-04&host_type=src&vulnerability=cve-2023-34659; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-10&host_typ
No detection rules found.
Nuclei
JeecgBoot 3.5.0 - SQL Injection
nuclei·CVSS 9.8
CVE-2023-34659 [CRITICAL] JeecgBoot 3.5.0 - SQL Injection
JeecgBoot 3.5.0 - SQL Injection
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
Template:
id: CVE-2023-34659
info:
name: JeecgBoot 3.5.0 - SQL Injection
author: ritikchaddha
severity: critical
description: |
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
Upgrade JeecgBoot to a patched version or apply the necessary security patches provided by the vendor.
reference:
- https://github.com/jeecgboot/jeecg-boot/issues/4976
- https://nvd
2023-06-16
Published
Exploited in the wild