CVE-2023-38905

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
17/08/2023
Last modified:
23/08/2023

Description

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:jeecg:jeecg_boot:*:*:*:*:*:*:*:* 3.5.0 (including)