Submit #765093: Jeecgboot 3.9.1 SQL Injection

Title: Jeecgboot 3.9.1 SQL Injection
Description: A logic flaw exists in the WAF's SQL injection detection mechanism, allowing attackers to bypass keyword filtering and execute arbitrary SQL queries. The vulnerability stems from a poorly constructed regular expression designed to detect SQL keywords and asymmetric validation logic that fails to properly sanitize matched substrings.
Source: ⚠️ https://www.yuque.com/la12138/pa2fpb/ab1i8wyeeg1zzgq5?singleDoc
User: Saul1213 (UID 94577)
Submission: 21/02/2026 13:26 (1 month ago)
Moderation: 06/03/2026 21:58 (13 days later)
Status: Accepted
VulDB entry: 349569 [JeecgBoot up to 3.9.1 getDictItems isExistSqlInjectKeyword SQL injection]
Points: 18
