|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-06-03 | |
| Rule Name: | Jeecg-Boot testConnection Remote Command Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | JeecgBoot is a low code development platform based on a code generator. The testConnection API interface is not authenticated and the dbUrl parameter is not restricted, allowing attackers to make JDBC requests to specified addresses, ultimately leading to remote code execution. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |