CNNVD-202508-2802 Information

CNNVD ID

CNNVD-202508-2802

Related CVE

CVE-2025-51825

• CNNVD Published: 2025-08-22

Description (Chinese)

JeecgBoot是中国国炬（Jeecg）公司的一个适用于企业 Web 应用程序的 Java 低代码平台。 JeecgBoot 3.4.3至3.8.0版本存在安全漏洞，该漏洞源于/jeecg-boot/online/cgreport/head/parseSql端点存在SQL注入漏洞，可能导致绕过SQL黑名单限制。

Description (English)

JeecgBoot is a Java low-code platform for the enterprise Web application of Jeecg. JeecgBoot 3.4.3 to 3.8.0 has a security loophole, which stems from the SQL injection gap at the /jeecg-boot/online/cgreport/head/parseSql end point, which may lead to circumventing the SQL blacklist restriction.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

国炬

Published

2025-08-22

Last Modified

2026-02-24

References

https://r4gd0ll.github.io/2025/JEECGBOOT_BYPASS_SQLInject.html https://github.com/jeecgboot/JeecgBoot/issues/8335 https://nvd.nist.gov/vuln/detail/CVE-2025-51825

Patch

https://github.com/jeecgboot/JeecgBoot/releases