CVE-2023-38905
Published 2023-08-17
Priority: P4 (23), medium, 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.28% (19.4th percentile)
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jeecg | jeecg_boot | <= 3.5.0 | — |
GHSA
Jeecg-boot SQL Injection vulnerability
ghsa·2023-08-17
CVE-2023-38905 [MEDIUM] CWE-89 Jeecg-boot SQL Injection vulnerability
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the `Benchmark`, `PG_Sleep`, `DBMS_Lock.Sleep`, `Waitfor`, `DECODE`, and `DBMS_PIPE.RECEIVE_MESSAGE` functions.
OSV
Jeecg-boot SQL Injection vulnerability
osv·2023-08-17
CVE-2023-38905 [MEDIUM] Jeecg-boot SQL Injection vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.