CVE-2023-34601

9.8 CRITICAL

📋 TL;DR

Jeesite versions before commit 10742d3 contain a SQL injection vulnerability in the ActDao.xml MyBatis mapper. The businessTable value supplied by the caller is inserted into the query text with ${businessTable} (MyBatis string substitution, not a bound parameter), so an attacker who controls that value can append arbitrary SQL to the statement and read from or modify other tables in the application database. Any organization running a vulnerable Jeesite installation is affected.

💻 Affected Systems

Products:
  • Jeesite
Versions: All versions before commit 10742d3
Operating Systems: All platforms running Jeesite
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the ActDao.xml MyBatis mapper, specifically the queries that substitute ${businessTable} directly into the SQL text.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: data theft, data manipulation, or, where the application's database account holds enough privilege (file writes, loading of user-defined functions), code execution on the database server.

🟠 Likely Case

Unauthorized read access to other tables in the same database (the attacker chooses the table name the query runs against), data exfiltration, and privilege escalation within the application, for example by reading credential or session tables.

🟢 If Mitigated

Limited impact: with the table name validated against a strict identifier pattern or an allow-list of known business tables before it reaches the query, the injection cannot succeed.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal applications could still be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly exploited and tooling exists for automated exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 10742d3 and later

Vendor Advisory: https://github.com/thinkgem/jeesite/issues/515

Restart Required: Yes

Instructions:

1. Update to Jeesite commit 10742d3 or later.
2. If you maintain a fork or carry local patches, make sure the businessTable value is validated against a strict identifier pattern (letters, digits and underscore) or an allow-list of known business tables before it reaches the ${businessTable} substitution in ActDao.xml. A #{} binding is not a drop-in replacement here: MyBatis turns #{} into a JDBC ? placeholder, and a table name cannot be supplied as a prepared-statement parameter.
3. Restart the application server.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Implement strict input validation for the businessTable parameter so that only letters, digits and underscores are accepted (Jeesite table names contain underscores, so a letters-only filter would break legitimate requests). Where the set of business tables is known, prefer an allow-list of those names over a character filter.

Add the validation in the controller layer, before the value is passed to ActDao.xml; the mapper itself cannot protect an identifier that is substituted into the SQL text.
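The following is an added example, not code from Jeesite or from the fix commit. It reproduces the ${businessTable} pattern in Python against an in-memory SQLite database so the three points above can be checked by running it: the table name becomes part of the SQL text, a bound parameter cannot take its place, and the only effective fix is validating the name (identifier pattern plus, where possible, an allow-list) before substitution. The table names oa_leave and sys_user, the column names, and the allow-list are constructed for the demo and are not Jeesite's real schema.

```python
import re
import sqlite3

# Constructed demo schema standing in for a workflow "business table" and the
# user table next to it. Table and column names are hypothetical, not
# Jeesite's real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE oa_leave (id TEXT PRIMARY KEY, status TEXT);
        INSERT INTO oa_leave VALUES ('1', 'open');
        CREATE TABLE sys_user (id TEXT PRIMARY KEY, password TEXT);
        INSERT INTO sys_user VALUES ('admin', 'hash');
    """)
    return conn


def find_vulnerable(conn, business_table, row_id):
    """Mirrors the ${businessTable} pattern: the table name is pasted into the
    SQL text before the statement is prepared, so whatever the caller supplies
    becomes part of the query. row_id is bound properly, which does not help."""
    sql = f"SELECT id FROM {business_table} WHERE id = ?"
    return conn.execute(sql, (row_id,)).fetchall()


def identifier_binding_works(conn):
    """Shows why 'use a bound parameter' is not the fix here: the database
    rejects a placeholder in table position, so a MyBatis #{businessTable}
    (which becomes a JDBC ?) would fail the same way. Returns False on SQLite."""
    try:
        conn.execute("SELECT id FROM ? WHERE id = ?", ("oa_leave", "1")).fetchall()
        return True
    except sqlite3.Error:
        return False


# Strict identifier pattern: letters, digits and underscore only, starting with
# a letter or underscore. The 64-character cap is a hypothetical sane bound.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def is_valid_business_table(name, allowed=None):
    """Identifier check always; allow-list membership as well when the set of
    business tables is known (the stronger of the two controls)."""
    if not isinstance(name, str) or not IDENTIFIER_RE.match(name):
        return False
    return allowed is None or name in allowed


def find_hardened(conn, business_table, row_id, allowed=frozenset({"oa_leave"})):
    """Hardened form: validate first, then quote the identifier. The name is
    still substituted into the SQL text, which is exactly why validation has
    to happen before this point; the driver cannot do it for us."""
    if not is_valid_business_table(business_table, allowed):
        raise ValueError(f"business table not permitted: {business_table!r}")
    sql = f'SELECT id FROM "{business_table}" WHERE id = ?'
    return conn.execute(sql, (row_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(find_vulnerable(db, "oa_leave", "1"))          # legitimate call
    # Attacker-controlled table name: the trailing WHERE attaches to the
    # injected SELECT, so the result also carries a password hash.
    payload = "sys_user UNION SELECT password FROM sys_user"
    print(find_vulnerable(db, payload, "admin"))
    print(identifier_binding_works(db))
    print(find_hardened(db, "oa_leave", "1"))
```

The payload deliberately keeps the original WHERE id = ? clause valid so the statement still prepares; a stacked-query or comment-terminated payload would also work against databases and drivers that allow it, which is why the allow-list, not the shape of any one payload, is the control to rely on.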

WAF Rule

Platform: all

Deploy web application firewall rules to block SQL injection patterns in requests to /act endpoints.

Generic SQL injection signatures are tuned for payloads in a value position (quotes, OR 1=1) and can miss payloads in an identifier position, where the attacker only needs a space, a keyword such as UNION, or a comment marker after a valid table name. A tighter rule for this bug is to reject any request whose businessTable parameter contains a character outside letters, digits and underscore, after percent-decoding.

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system from critical assets
  • Run the application's database account with least privilege: read/write on the application schema only, no file, administrative or DDL privileges, so that an injected query cannot be turned into code execution on the database server
  • Enable detailed SQL query logging and monitor for suspicious database activity

🔍 How to Verify

Check if Vulnerable:

Determine whether commit 10742d3 is in the history of the revision you deploy. If the deployment has no git metadata, check the build version in the application properties or the jar manifest and compare it against the date of the fix commit in the upstream repository.

Check Version:

git merge-base --is-ancestor 10742d3 HEAD && echo "fix present" || echo "fix missing" (run in the Jeesite source checkout). Both this check and grepping git log --oneline for the hash only recognise the exact upstream commit; a cherry-picked or manually applied fix has a different hash, so also inspect ActDao.xml as described below.

Verify Fix Applied:

Confirm the fix commit is an ancestor of the deployed revision, then inspect ActDao.xml and the code that feeds it: any remaining ${businessTable} substitution must only receive a value that has already been validated against an identifier pattern or allow-list. Use grep -rn 'businessTable' across the act module to find every place the value is read from a request and passed to the mapper, and check each path for that validation.

📡 Detection & Monitoring

Log Indicators:

  • Requests to /act endpoints whose businessTable value contains anything other than letters, digits and underscores (spaces, quotes, comment markers, parentheses, commas, or percent-encoded forms of these)
  • SQL syntax errors or unexpected database exceptions logged from ActDao queries, typically produced while an attacker is tuning a payload
  • Repeated requests from one client that vary only the businessTable value (table-name enumeration or blind-injection probing)
  • Queries against tables that the act module never legitimately touches in database query logs

Network Indicators:

  • SQL keywords (UNION, SELECT, comment markers) in the businessTable parameter of HTTP requests to /act endpoints
  • Unexpected outbound connections from the database server (DNS, HTTP or SMB), which can indicate out-of-band exfiltration through injected queries

SIEM Query:

Access logs (field names depend on your log parser): source="access.logs" uri_path="/act/*" | regex businessTable!="^[A-Za-z_][A-Za-z0-9_]*$"

Application logs: source="application.logs" AND ("ActDao" OR "businessTable") AND ("SQLException" OR "syntax error")
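The following is an added example, not tooling from Jeesite or from this advisory, that applies the access-log indicator above to a handful of constructed log lines. It parses common-format request lines, keeps only requests under /act, percent-decodes the businessTable parameter twice (so double-encoded payloads are seen in the clear), and flags any value that is not a plain identifier. The /act/task/form path, the client addresses and the log lines themselves are constructed for the demo; the page only establishes that the affected endpoints live under /act and that the parameter is called businessTable.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Same identifier rule a hardened controller would enforce; anything else in
# businessTable is worth an alert.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")

# Common/combined access-log request line: client, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (hypothetical path and clients). Line 2 is a plain
# UNION payload, line 3 is the same idea double-encoded, line 4 is noise on a
# path outside /act that this rule deliberately ignores.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2023:10:00:01 +0000] "GET /act/task/form?businessTable=oa_leave&id=1 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jun/2023:10:00:02 +0000] "GET /act/task/form?businessTable=oa_leave%20UNION%20SELECT%20password%20FROM%20sys_user&id=1 HTTP/1.1" 500 128
10.0.0.9 - - [01/Jun/2023:10:00:03 +0000] "GET /act/task/form?businessTable=oa_leave%2520UNION%2520SELECT%25201&id=1 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jun/2023:10:00:04 +0000] "GET /a/sys/user/list?businessTable=x'%20OR%201=1 HTTP/1.1" 200 2048
"""


def suspicious_business_table(target):
    """Return the decoded businessTable value when the request targets an /act
    endpoint and the value is not a plain identifier; otherwise None."""
    parts = urlsplit(target)
    if not parts.path.startswith("/act/"):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("businessTable", [])
    for value in values:              # parse_qs already decoded once
        decoded = unquote(value)      # second pass exposes double-encoding
        if not IDENTIFIER_RE.match(decoded):
            return decoded
    return None


def scan_access_log(text):
    """Run the rule over every parseable line and return one finding per hit."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = suspicious_business_table(m.group("target"))
        if hit is not None:
            findings.append({
                "client": m.group("client"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "businessTable": hit,
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f)
```

Access logs only carry query-string parameters; if the endpoint also accepts businessTable in a form POST body, the same rule has to run where the body is visible (a WAF, a reverse-proxy request log, or the application's own request logging). A 500 on a flagged request, as on line 2, is the usual sign that a payload broke the statement and the attacker is still tuning it.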
