CVE-2026-3672
📋 TL;DR
This SQL injection vulnerability in JeecgBoot allows attackers to execute arbitrary SQL commands through the isExistSqlInjectKeyword function in the /jeecg-boot/sys/api/getDictItems endpoint. Attackers can exploit this remotely to access, modify, or delete database content. All JeecgBoot installations up to version 3.9.1 are affected.
💻 Affected Systems
- JeecgBoot
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data destruction, and potential remote code execution via database functions.
Likely Case
Unauthorized data access, privilege escalation, and data manipulation affecting application integrity.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only read access to non-sensitive data.
🎯 Exploit Status
Exploit details are publicly available, making this easily weaponizable by attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
Check JeecgBoot GitHub repository or official channels for security updates. Upgrade to a version beyond 3.9.1 when available.
🔧 Temporary Workarounds
Input Validation Filter
Implement strict input validation and parameterized queries for the getDictItems endpoint
Implement prepared statements and validate all user inputs against SQL injection patterns
Endpoint Restriction
Restrict access to the vulnerable endpoint using web application firewall rules or access controls
Configure WAF to block SQL injection patterns at /jeecg-boot/sys/api/getDictItems
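The two workarounds above come down to the same principle: user-supplied dictionary codes must reach the database as bound parameters, and anything outside the expected character set should be rejected before it gets there. The following is an added illustration in Python with an in-memory SQLite table, not JeecgBoot's own Java code; the `dict_item` table, its rows and the `x' OR '1'='1` test value are constructed for the demonstration, and the allow-list pattern is an assumption about what a dictionary code looks like.

```python
import re
import sqlite3

# Constructed sample table standing in for a dictionary-item store; the real
# JeecgBoot schema is not on the page and is not reproduced here.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dict_item (code TEXT, label TEXT, secret INTEGER)")
    conn.executemany(
        "INSERT INTO dict_item VALUES (?, ?, ?)",
        [("sex", "Male", 0), ("sex", "Female", 0),
         ("status", "Active", 0), ("internal", "Hidden", 1)],
    )
    return conn


def lookup_concat(conn, code):
    # Vulnerable pattern: the input is spliced into the SQL text, so a quote
    # in `code` changes the WHERE clause instead of being compared as data.
    sql = f"SELECT label FROM dict_item WHERE code = '{code}' AND secret = 0"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, code):
    # Hardened pattern: the driver binds `code` as a value; the statement's
    # grammar is fixed before any user input is seen.
    sql = "SELECT label FROM dict_item WHERE code = ? AND secret = 0"
    return [row[0] for row in conn.execute(sql, (code,))]


# Assumed allow-list for a dictionary code: letters, digits, underscore.
DICT_CODE_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")


def is_valid_dict_code(code):
    return DICT_CODE_RE.fullmatch(code) is not None


def lookup_validated(conn, code):
    # Defence in depth: reject implausible codes early *and* still bind the
    # value as a parameter; the allow-list is not a substitute for binding.
    if not is_valid_dict_code(code):
        raise ValueError("dictionary code contains characters outside the allow-list")
    return lookup_param(conn, code)


def demo():
    conn = make_db()
    benign = "sex"
    hostile = "x' OR '1'='1"   # constructed quote-breaking value
    return {
        "concat_benign": lookup_concat(conn, benign),
        "concat_hostile": lookup_concat(conn, hostile),
        "param_benign": lookup_param(conn, benign),
        "param_hostile": lookup_param(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15} -> {rows}")
```

With string concatenation the hostile value rewrites the filter and returns every non-secret row across all codes; the parameterized form looks for a code literally equal to `x' OR '1'='1` and returns nothing. The allow-list check rejects the same value before a query is ever built.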
🧯 If You Can't Patch
- Implement network segmentation to isolate JeecgBoot instances from critical databases
- Enable database auditing and monitoring for suspicious SQL queries
🔍 How to Verify
Check if Vulnerable:
Check the JeecgBoot version in the application configuration or via a version endpoint. If the version is 3.9.1 or earlier, it is vulnerable.
Check Version:
Check application.properties or pom.xml for version information, or query application metadata endpoints.
Verify Fix Applied:
Test the /jeecg-boot/sys/api/getDictItems endpoint with SQL injection payloads after applying fixes.
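To make the version check above repeatable across many deployments, the following added Python helper reads the project version out of a `pom.xml` and compares it against the 3.9.1 boundary stated on this page. It is not part of the page or of JeecgBoot; the sample `pom.xml` fragments are constructed, using the standard Maven layout (the project's own `<version>`, falling back to the `<parent>` version) rather than any JeecgBoot-specific structure, and the version-string grammar it accepts (`major.minor[.patch][-suffix]`) is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# From the advisory: 3.9.1 and every earlier release are affected.
LAST_AFFECTED = (3, 9, 1)
POM_NS = "{http://maven.apache.org/POM/4.0.0}"

# Constructed pom.xml fragments; groupId/artifactId are placeholders.
SAMPLE_POM_OLD = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>example</groupId>
  <artifactId>example-app</artifactId>
  <version>3.9.1</version>
</project>"""

SAMPLE_POM_PARENT_ONLY = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent>
    <groupId>example</groupId>
    <artifactId>example-parent</artifactId>
    <version>3.10.0-SNAPSHOT</version>
  </parent>
  <artifactId>example-module</artifactId>
</project>"""


def parse_version(text):
    # "3.9.1", "3.9.1-SNAPSHOT", "3.10" -> tuple of ints; a missing patch
    # component counts as 0 and any non-numeric suffix is ignored.
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups(default="0"))


def pom_version(pom_xml):
    root = ET.fromstring(pom_xml)
    # Prefer the project's own <version>; modules often inherit it from <parent>.
    for path in (f"{POM_NS}version", f"{POM_NS}parent/{POM_NS}version"):
        el = root.find(path)
        if el is not None and el.text:
            return el.text.strip()
    raise ValueError("no <version> element found in pom.xml")


def is_affected(version_text):
    return parse_version(version_text) <= LAST_AFFECTED


def assess(pom_xml):
    v = pom_version(pom_xml)
    return {"version": v, "affected": is_affected(v)}


if __name__ == "__main__":
    for pom in (SAMPLE_POM_OLD, SAMPLE_POM_PARENT_ONLY):
        print(assess(pom))
```

Tuple comparison keeps `3.10.0` above `3.9.1` where a plain string comparison would not; treat a result of `affected: True` as a prompt to confirm against the vendor's release notes, since the page itself notes that no authoritative version range has been published.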
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed authentication attempts followed by SQL errors
- Requests to /jeecg-boot/sys/api/getDictItems with SQL keywords
Network Indicators:
- HTTP POST/GET requests containing SQL injection patterns to the vulnerable endpoint
- Unusual database connection patterns from application servers
SIEM Query:
source="web_logs" AND uri="/jeecg-boot/sys/api/getDictItems*" AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*" OR query="*DELETE*")
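The SIEM query above expresses the log indicator as a field search. Where no SIEM is in place, or to prototype the rule before deploying it, the same logic can be run directly over web server access logs. The following added Python script is not part of the page; it parses Common Log Format lines, URL-decodes the request target, and flags requests to the getDictItems endpoint whose path remainder or query string contains one of the SQL keywords the query lists, as whole words and case-insensitively. The sample log lines are constructed and are not real traffic; the CLF layout is an assumption about how the front-end server logs requests.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

TARGET_PATH = "/jeecg-boot/sys/api/getDictItems"
# The keywords named in the SIEM query on this page.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "DELETE")
# Whole-word and case-insensitive: matches "union" or "UnIoN", skips "selected".
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Common Log Format: host ident authuser [date] "method target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (assumed CLF layout), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "GET /jeecg-boot/sys/api/getDictItems/sex HTTP/1.1" 200 312
10.0.0.5 - - [01/Mar/2026:10:00:02 +0000] "GET /jeecg-boot/sys/api/getDictItems/sex?code=selected HTTP/1.1" 200 312
10.0.0.9 - - [01/Mar/2026:10:00:05 +0000] "GET /jeecg-boot/sys/api/getDictItems/sex?code=1%27%20UNION%20SELECT%201 HTTP/1.1" 500 88
10.0.0.9 - - [01/Mar/2026:10:00:06 +0000] "POST /jeecg-boot/sys/api/getDictItems/sex HTTP/1.1" 200 120
10.0.0.7 - - [01/Mar/2026:10:00:09 +0000] "GET /jeecg-boot/sys/user/list?select=all HTTP/1.1" 200 900
"""


def parse_line(line):
    # Returns a dict of fields with the path and query URL-decoded, or None
    # for lines that do not fit the expected format.
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    parts = urlsplit(ev["target"])
    ev["path"] = unquote_plus(parts.path)
    ev["query"] = unquote_plus(parts.query)
    return ev


def suspicious_keywords(ev):
    # Only the vulnerable endpoint is in scope; the dictionary code may travel
    # in the path remainder or in the query string, so inspect both. POST
    # bodies are not present in access logs and need WAF or application logs.
    if not ev["path"].startswith(TARGET_PATH):
        return []
    haystack = ev["path"][len(TARGET_PATH):] + " " + ev["query"]
    return sorted({kw.upper() for kw in KEYWORD_RE.findall(haystack)})


def scan(log_text):
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        kws = suspicious_keywords(ev)
        if kws:
            alerts.append({
                "ip": ev["ip"], "ts": ev["ts"], "method": ev["method"],
                "status": int(ev["status"]), "keywords": kws, "query": ev["query"],
            })
    return alerts


def offenders(alerts):
    # Per-source count, useful for ranking which clients to look at first.
    return Counter(a["ip"] for a in alerts)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(a)
    print(offenders(found))
```

Decoding before matching matters: in the raw line the third request reads `1%27%20UNION%20SELECT%201`, so a rule that tests the undecoded URI still matches here but would miss double-encoded or mixed-case variants. The second and fifth lines show the two false positives this logic avoids: a word that merely contains a keyword, and a keyword on an endpoint that is not in scope.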