CVE-2023-41544
CRITICAL
WAF: Medium
CVSS 9.8
Published: 2023-12-30
CWE-94
SSTI injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary code via a crafted HTTP request to the /jmreport/loadTableData component.
WAF Coverage Analysis
Code Injection
Medium WAF Coverage
OWASP: A03:2021 Injection
- 932xxx - Remote Code Execution
- 933xxx - PHP Injection
- 934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| jeecg | jeecg_boot | up to 3.5.3 |
References
- pho3n1x-web.github.io (Exploit, Third Party Advisory)