
vul_app:jeecgboot_multiple_sql_injection_vulnerability (Rule ID: 1070210429)

Release Date: 2025/9/15

Rule Name: CVE-2023-38992, CVE-2023-34603, CVE-2022-45205, CVE-2023-34602: JeecgBoot Multiple SQL Injection Vulnerability

Severity: critical

CVE ID: CVE-2023-38992, CVE-2023-34603, CVE-2022-45205, CVE-2023-34602

 

Description

JeecgBoot is a low-code development platform based on a code generator. It uses a front-end/back-end separated architecture built on Spring Boot 2.x and 3.x, Spring Cloud, Ant Design Vue3, MyBatis-Plus, Shiro and JWT, and supports microservices. Multiple JeecgBoot interfaces have SQL injection vulnerabilities. An unauthenticated remote attacker can use SQL injection to collect information from the database (for example, the administrator back-end password or site users' personal information) and, with high privileges, can even write a Trojan horse to the server and go on to obtain server system permissions. This rule supports defending against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.

Other reference: None

 

Solution

Apply the vendor patches.