
vul_app:jeecg-boot_template_injection_vulnerability (Rule ID: 1070210357)

Release Date: 2025/9/15

Rule Name: CVE-2023-4450, CVE-2023-40989: JEECG-BOOT Template Injection Vulnerability

Severity: critical

CVE ID: CVE-2023-4450, CVE-2023-40989

 

Description

JeecgBoot is a Java low-code platform suitable for enterprise web applications in China. JeecgBoot JimuReport 1.6.0 and earlier versions are vulnerable to template injection because they use versions of the FreeMarker template engine that have injection vulnerabilities. Successful exploitation of this vulnerability may result in remote command execution. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.