CNNVD-202602-157 Information
CNNVD ID
CNNVD-202602-157
Related CVE
- CNNVD Published: 2026-02-02
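Description (translated from Chinese)
JeecgBoot is a Java low-code platform for enterprise web applications from China's Guoju (Jeecg). JeecgBoot version 3.9.0 contains an SQL injection vulnerability, which stems from improper handling of the parameter keyword in the file /JeecgBoot/sys/api/loadDictItemByKeyword and may lead to SQL injection attacks.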
Description (English)
JeecgBoot is a Java low-code platform for enterprise web applications from Jeecg. JeecgBoot 3.9.0 has an SQL injection vulnerability that arises from mishandling of the keyword parameter in the file /JeecgBoot/sys/api/loadDictItemByKeyword and could lead to SQL injection attacks.
Hazard Level
High
Vulnerability Type
SQL injection
Affected Vendor
Guoju (国炬)
Published
2026-02-02
Last Modified
2026-02-24
References
https://vuldb.com/?submit.741647
https://vuldb.com/?ctiid.343677
https://vuldb.com/?id.343677
https://www.yuque.com/meizhiyuwai/sks4nu/clircmda9b8q66lo?singleDoc
https://access.redhat.com/security/cve/cve-2026-1746
Patch
https://github.com/jeecgboot/JeecgBoot/releases