Submit #765093: Jeecgboot 3.9.1 SQL Injection

Title: Jeecgboot 3.9.1 SQL Injection
Description: A logic flaw exists in the WAF's SQL injection detection mechanism, allowing attackers to bypass keyword filtering and execute arbitrary SQL queries. The vulnerability stems from a poorly constructed regular expression designed to detect SQL keywords and an asymmetric validation logic that fails to properly sanitize matched substrings.
Source: https://www.yuque.com/la12138/pa2fpb/ab1i8wyeeg1zzgq5?singleDoc
User: Saul1213 (UID 94577)
Submission: 21/02/2026 13:26 (1 month ago)
Moderation: 06/03/2026 21:58 (13 days later)
Status: Accepted
VulDB entry: 349569 [JeecgBoot up to 3.9.1 getDictItems isExistSqlInjectKeyword SQL injection]
Points: 18
