CVE-2024-48307
Published: 2024-10-31
CVE-2024-48307: JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
Priority: P186 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Badges: ITW · EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 44.30% (98.6th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jeecg | jeecg_boot | — | — |
Detection & IOCs (extracted from sources)
- command: `{"tableName":"sys_user","compName":"test","condition":{"filter":{}},"config":{"assistValue":[],"assistType":[],"name":[{"fieldName":"concat(md5(999999999),0x3a,0x3a)","fieldType":"string"},{"fieldName":"id","fieldType":"string"}],"value":[{"fieldName":"id","fieldType":"1"}],"type":[]}}`
- other: `YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og==`
- Exploit POST requests target the endpoint `/drag/onlDragDatasetHead/getTotalData` with a JSON body containing a SQL injection payload in the `fieldName` parameter (e.g., `concat(md5(...),0x3a,0x3a)`).
- Successful exploitation is confirmed by the presence of the base64-encoded string `YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og==` (md5(999999999)::) in the HTTP response body, combined with a 200 status code and `application/json` content type.
- The vulnerability is unauthenticated (PR:N); no session or authentication token is required to exploit the endpoint.
- Asset discovery: use FOFA queries `icon_hash="-250963920"` or `icon_hash=1380908726` or `title="jeecg-boot"`, and Shodan query `http.favicon.hash:"1380908726"` to identify exposed JeecgBoot instances.
- The attack path may be served under either `/jeecg-boot/` or `/` base paths; both should be monitored.
- The Nuclei template targets JeecgBoot v3.7.1 specifically; the SQL injection canary uses `md5(999999999)` with hex-encoded delimiters `0x3a,0x3a` to produce a deterministic, detectable output.
- The template uses `stop-at-first-match: true` with a `batteringram` attack across two base paths, meaning only the first successful path match is reported.
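The two signals listed above (a `fieldName` sent to `getTotalData` that is not a plain column name, and the base64 md5 canary echoed in a 200 `application/json` response) as detection logic run over a constructed request/response record. This is an added example, not code from the page or from the JeecgBoot project; the record layout (`method`, `path`, `body`, `status`, `content_type`, `response`) is an assumed normalisation of a WAF or reverse-proxy log, and the path regex accepts both base paths the IOC list names.

```python
import base64
import json
import re

# Added detection example, not code from the page or from the JeecgBoot project. It flags
# the two signals the IOC list describes: a fieldName sent to getTotalData that is not a
# plain column name, and an md5 canary (hex digest + "::", base64) echoed in a 200 JSON reply.
ENDPOINT = re.compile(r"^(/jeecg-boot)?(/drag)?/onlDragDatasetHead/getTotalData$")
PLAIN_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_.]*$")  # what a real column reference looks like
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")
CANARY = re.compile(r"^[0-9a-f]{32}::$")                  # md5(...) followed by 0x3a,0x3a

def suspicious_fields(body):
    """fieldName values under config.name/value/type that are not plain identifiers."""
    try:
        cfg = json.loads(body)["config"]
        items = [i for k in ("name", "value", "type") for i in (cfg.get(k) or []) if isinstance(i, dict)]
    except (ValueError, LookupError, AttributeError, TypeError):  # not JSON / no config / wrong shape
        return []
    return [str(i["fieldName"]) for i in items if "fieldName" in i and not PLAIN_IDENT.match(str(i["fieldName"]))]

def canary_in_response(resp_body):
    """True if any base64 token in the body decodes to a 32-hex md5 followed by '::'."""
    for tok in B64_TOKEN.findall(resp_body):
        try:
            if CANARY.match(base64.b64decode(tok, validate=True).decode("ascii")):
                return True
        except ValueError:  # bad padding or non-text bytes: not a canary
            continue
    return False

def classify(rec):
    """Return 'exploited', 'attempt' or None for one request/response record (a dict)."""
    if rec.get("method") != "POST" or not ENDPOINT.match(rec.get("path", "")):
        return None
    if not suspicious_fields(rec.get("body", "")):
        return None
    confirmed = (rec.get("status") == 200 and rec.get("content_type", "").startswith("application/json")
                 and canary_in_response(rec.get("response", "")))
    return "exploited" if confirmed else "attempt"

# Constructed sample record (not captured traffic); the body mirrors the IOC listed above.
SAMPLE = {
    "method": "POST", "path": "/jeecg-boot/drag/onlDragDatasetHead/getTotalData",
    "status": 200, "content_type": "application/json;charset=UTF-8",
    "body": '{"tableName":"sys_user","compName":"test","condition":{"filter":{}},"config":{"assistValue":[],'
            '"assistType":[],"name":[{"fieldName":"concat(md5(999999999),0x3a,0x3a)","fieldType":"string"},'
            '{"fieldName":"id","fieldType":"string"}],"value":[{"fieldName":"id","fieldType":"1"}],"type":[]}}',
    "response": '{"success":true,"result":[{"total":"YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og=="}]}',
}
```

The canary check decodes any base64 token rather than matching the one string from the page, so a probe built on a different `md5(N)` value is still recognised as confirmed exploitation.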
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
JeecgBoot SQL Injection vulnerability (ghsa · 2024-10-31 · HIGH · CWE-89)
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component `/onlDragDatasetHead/getTotalData`.
OSV
JeecgBoot SQL Injection vulnerability (osv · 2024-10-31 · HIGH)
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component `/onlDragDatasetHead/getTotalData`.
VulnCheck
JeecgBoot /onlDragDatasetHead/getTotalData SQL Injection Vulnerability (vulncheck · 2024 · CVSS 9.8 · CRITICAL)
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
Affected: JEECG JeecgBoot
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-12-24&host_type=src&vulnerability=cve-2024-48307
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-12-27&host_type=src&vulnerability=cve-2024-48307
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-12-28&host_type=src&vulnerability=cve-2024-4
No detection rules found.
Nuclei
JeecgBoot v3.7.1 - SQL Injection (nuclei · CVSS 9.8 · CRITICAL)
The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.
Template:

```yaml
id: CVE-2024-48307

info:
  name: JeecgBoot v3.7.1 - SQL Injection
  author: lbb,s4e-io
  severity: critical
  description: |
    The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.
  impact: |
    Unauthenticated attackers can execute arbitrary SQL commands to extract sensitive information from the JeecgBoot database.
  remediation: |
    Update JeecgBoot to a version that patches CVE-2024-48307.
  referen
```