Submission #808186: https://github.com/jeecgboot/JeecgBoot <=3.91 SQL Injection

Information

Title: https://github.com/jeecgboot/JeecgBoot <=3.91 SQL Injection

Description: JeecgBoot versions up to and including 3.9.1 contain a SQL injection vulnerability in the /sys/dict/loadTreeData API endpoint. The condition parameter accepts a JSON object, and the special key _tableFilterSql within that JSON object is injected directly into a MyBatis dynamic SQL statement using a ${} placeholder (string interpolation), with no sanitization, blacklist filtering, or parameterized binding applied. An authenticated attacker with a valid JWT token (obtainable via normal user login) can craft a malicious condition._tableFilterSql value containing a UNION SELECT payload to extract arbitrary data from the database. Query results are returned directly in the JSON response body in plaintext.
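As an added illustration (not code from JeecgBoot or from the submitter), the Python block below reproduces the bug class against an in-memory SQLite database. A free-form SQL fragment taken from `condition._tableFilterSql` is spliced into the statement by string formatting, which is exactly what a MyBatis `${}` placeholder does, so a UNION SELECT inside the fragment reads an unrelated table. The hardened handler next to it accepts only allowlisted column/value pairs and binds the values with placeholders, the equivalent of MyBatis `#{}`; a raw SQL key is rejected outright, because a SQL fragment cannot be made safe by binding. The table names, columns, default filter and sample rows are constructed for the example and are not JeecgBoot's schema.

```python
"""Added example: string-interpolated filter (MyBatis ${}) vs. bound filter (#{}).

Everything here is constructed for illustration; it is not JeecgBoot code."""
import json
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema: the dictionary table the endpoint is meant to read,
    plus an unrelated table holding data the attacker wants."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE sys_dict_item(id TEXT, item_text TEXT, item_value TEXT, pid TEXT);
        INSERT INTO sys_dict_item VALUES ('1', 'Asia', 'asia', '0'), ('2', 'Europe', 'eu', '0');
        CREATE TABLE sys_user(id TEXT, username TEXT, password TEXT);
        INSERT INTO sys_user VALUES ('u1', 'admin', '$2a$10$hashhashhash');
        """
    )
    return conn


def load_tree_data_vulnerable(conn: sqlite3.Connection, condition_json: str):
    """Vulnerable pattern: the client-supplied fragment is pasted into the SQL
    text, as a ${} placeholder would do. The '1=1' default is hypothetical."""
    cond = json.loads(condition_json)
    where = cond.get("_tableFilterSql", "1=1")
    sql = (
        "SELECT id, item_text, item_value FROM sys_dict_item "
        f"WHERE pid = '0' AND {where}"
    )
    return conn.execute(sql).fetchall()


# Columns a client is allowed to filter on (hypothetical allowlist).
ALLOWED_FILTER_COLUMNS = {"item_text", "item_value", "pid"}


def load_tree_data_hardened(conn: sqlite3.Connection, condition_json: str):
    """Hardened pattern: only structured column -> value filters are accepted.
    Column names come from an allowlist (never from the request text) and values
    are passed as bound parameters, the equivalent of MyBatis #{}."""
    cond = json.loads(condition_json)
    clauses, params = [], []
    for key, value in cond.items():
        if key not in ALLOWED_FILTER_COLUMNS:
            # _tableFilterSql or any other unexpected key is refused, not cleaned.
            raise ValueError(f"unsupported filter key: {key}")
        clauses.append(f"{key} = ?")
        params.append(value)
    sql = "SELECT id, item_text, item_value FROM sys_dict_item WHERE pid = '0'"
    if clauses:
        sql += " AND " + " AND ".join(clauses)
    sql += " ORDER BY id"
    return conn.execute(sql, params).fetchall()


# Constructed attacker payload: neutralise the intended filter, then UNION in
# a table the endpoint was never meant to expose.
UNION_PAYLOAD = json.dumps(
    {"_tableFilterSql": "1=0 UNION SELECT id, username, password FROM sys_user"}
)


def demo():
    """Run both handlers on the same payload and return what each yields."""
    conn = make_db()
    leaked = load_tree_data_vulnerable(conn, UNION_PAYLOAD)
    try:
        load_tree_data_hardened(conn, UNION_PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    rows, blocked = demo()
    print("vulnerable handler returned:", rows)
    print("hardened handler rejected payload:", blocked)
```

The hardened version does not try to filter the fragment for keywords such as UNION: a SQL fragment the client writes is a query the client writes, and the only fix that holds is to stop accepting fragments and let the server build the WHERE clause from structured input. In MyBatis terms, the rule is `#{}` for every value, `${}` only for server-chosen identifiers that never originate in a request.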
Source: https://github.com/jeecgboot/JeecgBoot/issues/9571

User: JD Security SHENYI Team (UID 97436)

Submitted: 20/04/2026 02:16 PM (2 months ago)

Moderated: 07/05/2026 06:37 PM (17 days later)

Status: Approved

VulDB Entry: 361902 [JeecgBoot up to 3.9.1 JSON Object /sys/dict/loadTreeData condition SQL Injection]

Points: 20
