CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jeecgframework.boot:jeecg-boot-common | maven | <= 3.7.2 | 3.7.3 |
The vulnerability manifests in the controller endpoint that handles getTotalData requests. The GitHub issue explicitly shows exploitation of this endpoint with SQL injection payloads supplied in fieldName parameters. The endpoint's handler processes these unsanitized values when it constructs database queries, making it the primary vulnerable function. The lack of proper input validation (despite partial fixes) is evidenced by a working bypass proof of concept that relies on parameter manipulation.
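As an added illustration of the pattern described above (not jeecg-boot code, and written in Python with sqlite rather than the project's Java stack), a total-aggregation handler that concatenates a caller-supplied fieldName into its query is shown beside a hardened version that maps the value onto a fixed allowlist of column names, since an identifier cannot be passed as a bound query parameter. The table, columns and rows are constructed for the demo.

```python
import sqlite3

# Constructed for the demo: the only columns a "get total" endpoint should
# ever be asked to aggregate. Anything else is rejected before reaching SQL.
ALLOWED_TOTAL_FIELDS = frozenset({"amount", "quantity"})


def setup_db() -> sqlite3.Connection:
    """In-memory stand-in for a business table with a sensitive column."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders(id INTEGER, amount REAL, quantity INTEGER, secret TEXT);
        INSERT INTO orders VALUES (1, 10.5, 2, 's1'), (2, 4.5, 3, 's2');
    """)
    return conn


def total_vulnerable(conn: sqlite3.Connection, field_name: str) -> float:
    """Vulnerable pattern: the request value is spliced into the statement,
    so whatever arrives in fieldName is parsed and executed as SQL text."""
    sql = "SELECT SUM(" + field_name + ") FROM orders"
    return conn.execute(sql).fetchone()[0]


def is_permitted_field(field_name: str) -> bool:
    """Exact-match allowlist check; no sanitising or character stripping,
    which is the kind of partial fix that tends to be bypassed."""
    return field_name in ALLOWED_TOTAL_FIELDS


def total_hardened(conn: sqlite3.Connection, field_name: str) -> float:
    """Hardened pattern: only an allowlisted column name ever reaches the
    query, and it is emitted as a quoted identifier rather than raw text."""
    if not is_permitted_field(field_name):
        raise ValueError(f"field not permitted for aggregation: {field_name!r}")
    sql = f'SELECT SUM("{field_name}") FROM orders'
    return conn.execute(sql).fetchone()[0]


if __name__ == "__main__":
    db = setup_db()
    print("hardened total(amount):", total_hardened(db, "amount"))
    # The vulnerable handler evaluates an arbitrary expression as SQL.
    print("vulnerable 'amount * 2':", total_vulnerable(db, "amount * 2"))
    try:
        total_hardened(db, "amount * 2")
    except ValueError as exc:
        print("hardened rejected:", exc)
```

The allowlist is the control worth checking for when reviewing a fix: a handler that merely strips or escapes characters from fieldName still lets the caller choose which expression the database evaluates.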