| Title | Jeecgboot 3.9.1 SQL Injection |
|---|---|
| Description | A logic flaw exists in the WAF's SQL injection detection mechanism, allowing attackers to bypass keyword filtering and execute arbitrary SQL queries. The vulnerability stems from a poorly constructed regular expression designed to detect SQL keywords and asymmetric validation logic that fails to properly sanitize matched substrings. |
| Source | https://www.yuque.com/la12138/pa2fpb/ab1i8wyeeg1zzgq5?singleDoc |
| User | Saul1213 (UID 94577) |
| Submission | 2026-02-21 13:26 (1 month ago) |
| Moderation | 2026-03-06 21:58 (13 days later) |
| Status | Accepted |
| VulDB Entry | 349569 [JeecgBoot up to 3.9.1 getDictItems isExistSqlInjectKeyword SQL injection] |
| Points | 18 |