CVE-2023-24789

8.8 HIGH

📋 TL;DR

CVE-2023-24789 is an authenticated SQL injection vulnerability in jeecg-boot's building block report component. Attackers with valid credentials can execute arbitrary SQL commands, potentially leading to data theft, modification, or deletion. Organizations using jeecg-boot v3.4.4 are affected.

💻 Affected Systems

Products:
  • jeecg-boot
Versions: v3.4.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the building block report component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise, including data exfiltration, privilege escalation, and potential remote code execution via database functions.

🟠 Likely Case: Unauthorized data access and manipulation, potentially exposing sensitive business information or user data.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and database user privilege restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly exploited; the authenticated-access requirement reduces the risk but does not eliminate it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.4.5 or later

Vendor Advisory: https://github.com/jeecgboot/jeecg-boot/issues/4511

Restart Required: Yes

Instructions:

1. Back up your application and database.
2. Update jeecg-boot to v3.4.5 or later.
3. Restart the application server.
4. Verify the fix by testing the building block report component.

🔧 Temporary Workarounds

Disable Building Block Report Component
Applies to: all
Temporarily disable or restrict access to the vulnerable component until patching is complete.
Modify the application configuration to disable report module access.

Implement WAF Rules
Applies to: all
Deploy web application firewall rules to block SQL injection patterns targeting the report endpoint.
Configure the WAF with SQL injection detection rules for /jeecg-boot/report/* endpoints.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries for all report component inputs.
  • Apply principle of least privilege to database accounts used by the application.

🔍 How to Verify

Check if Vulnerable:

Check if running jeecg-boot v3.4.4 and test the building block report component with SQL injection payloads.

Check Version:

Check application.properties or pom.xml for version information, or use the application's about/version endpoint.

Verify Fix Applied:

Verify version is v3.4.5 or later and test that SQL injection attempts are properly rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by report component access
  • Long or malformed parameter values in application logs

Network Indicators:

  • SQL keywords in HTTP POST parameters to report endpoints
  • Unusual database connection patterns from application server

SIEM Query:

source="application.log" AND "report" AND ("SELECT" OR "UNION" OR "INSERT" OR "DELETE")
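The SIEM query above matches any line containing "report" and a SQL keyword, which also fires on ordinary values such as a user named "selection". The following is an added example, not part of this advisory or of jeecg-boot, that applies the same idea more precisely: it only inspects requests under /jeecg-boot/report/ (the endpoint family named in the workaround section), percent-decodes each query parameter, and uses word boundaries so keywords embedded in longer words are not flagged. The Apache-style log shape and the sample lines are constructed assumptions, not real jeecg-boot output.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache common-log shape; not real jeecg-boot output.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2023:10:01:02 +0000] "GET /jeecg-boot/report/list?name=sales HTTP/1.1" 200 512
10.0.0.5 - admin [12/Mar/2023:10:01:09 +0000] "GET /jeecg-boot/report/list?name=sales%27%20UNION%20SELECT%201 HTTP/1.1" 500 88
10.0.0.7 - bob [12/Mar/2023:10:02:15 +0000] "GET /jeecg-boot/sys/user/list?username=selection HTTP/1.1" 200 900
10.0.0.8 - carol [12/Mar/2023:10:02:50 +0000] "GET /jeecg-boot/report/list?name=deleted_items HTTP/1.1" 200 700
10.0.0.9 - eve [12/Mar/2023:10:03:40 +0000] "POST /jeecg-boot/report/export?id=1%20or%201%3D1-- HTTP/1.1" 200 4096
"""

# One request line of the assumed log shape.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Endpoint family named in the WAF workaround of this advisory.
REPORT_PREFIX = "/jeecg-boot/report/"
# Keywords from the SIEM query plus comment markers and a numeric tautology;
# \b keeps 'selection' and 'deleted_items' from matching.
SQL_RE = re.compile(
    r"\b(select|union|insert|delete|update|drop)\b|--|/\*|\bor\b\s*\d+\s*=\s*\d+",
    re.IGNORECASE,
)


def flag_report_sqli(log_text):
    """Return (ip, user, path, param, decoded value) for each suspicious
    query parameter sent to a report endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.startswith(REPORT_PREFIX):
            continue  # other modules are out of scope for this CVE; keeps noise down
        # parse_qsl percent-decodes values, so encoded payloads are checked in clear text.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if SQL_RE.search(value):
                hits.append((m["ip"], m["user"], url.path, key, value))
    return hits


if __name__ == "__main__":
    for hit in flag_report_sqli(SAMPLE_LOG):
        print("suspicious report request:", hit)
```

Access logs carry only the query string, so the POST parameters the Network Indicators mention are only visible if the application or WAF logs request bodies.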
