| Title | Jeecgboot 3.9.1 SQL Injection |
|---|---|
| Description | A logic flaw exists in the WAF's SQL injection detection mechanism, allowing attackers to bypass keyword filtering and execute arbitrary SQL queries. The vulnerability stems from a poorly constructed regular expression designed to detect SQL keywords and asymmetric validation logic that fails to properly sanitize matched substrings. |
| Source | ⚠️ https://www.yuque.com/la12138/pa2fpb/ab1i8wyeeg1zzgq5?singleDoc |
| User | Saul1213 (UID 94577) |
| Submission | 2026-02-21 01:26 PM (2 months ago) |
| Moderation | 2026-03-06 09:58 PM (13 days later) |
| Status | Accepted |
| VulDB Entry | 349569 [JeecgBoot up to 3.9.1 getDictItems isExistSqlInjectKeyword SQL injection] |
| Points | 18 |