Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: CVE-2023-1454 is an **Unauthenticated SQL Injection** vulnerability in Jeecg-Boot.…
**Root Cause**: **CWE-89** (SQL Injection). The flaw lies in the `/jmreport/qurestSql` endpoint. The `apiSelectId` parameter is **not sanitized**, allowing direct error-based SQL injection.
Q3. Who is affected? (Versions/Components)
**Affected**: **Jeecg-Boot v3.5.0**. Specifically uses `jimureport-spring-boot-starter-1.5.6.jar`. **Scope**: ~3,957 assets found via FOFA search for "JeecgBoot 企业级低代码平台".
Q4. What can hackers do? (Privileges/Data)
**Hacker Capabilities**: 1. **Data Theft**: Dump DB contents (user info, passwords). 2. **RCE**: Write malicious files (webshells) to the server if permissions allow. 3.…
**Threshold**: **LOW**. No authentication required! It is an **Unauthenticated** vulnerability. Any remote attacker can exploit it without logging in. AC:L (Low Complexity).
Q6. Is there a public Exp? (PoC/Wild Exploitation)
**Exploitation**: **YES**. Multiple PoCs and Scanners are public on GitHub. Tools like `CVE-2023-1454-scan.py` allow bulk scanning. SQLmap can also be used with saved request files.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: 1. **FOFA**: Search `title=="JeecgBoot 企业级低代码平台"`. 2. **Scanner**: Run Python scripts against target URLs. 3. **Manual**: Send POST request to `/jmreport/qurestSql` with crafted `apiSelectId`.
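
A log-side complement to the self-check above, added here as an example (not code from the original page or from the Jeecg-Boot project): it reviews web access logs for requests that reached `/jmreport/qurestSql` and groups them by source address. It assumes Combined Log Format; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "/jmreport/qurestsql"  # endpoint named on the page, lower-cased for matching

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Canonicalize the request path so encoded or padded forms still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):                  # decode percent-encoding, twice for double encoding
        path = unquote(path)
    path = re.sub(r"/+", "/", path)     # collapse repeated slashes
    return path.lower()

def find_hits(lines):
    """Return {source_ip: [(timestamp, method, status), ...]} for endpoint requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue                    # skip lines that are not in the expected format
        # endswith() also covers deployments behind a context path such as /jeecg-boot
        if normalize_path(m["target"]).endswith(ENDPOINT):
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [12/May/2023:10:01:02 +0000] "POST /jeecg-boot/jmreport/qurestSql HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/May/2023:10:01:03 +0000] "POST /jmreport/qurestSql HTTP/1.1" 500 231',
    '198.51.100.20 - - [12/May/2023:10:02:00 +0000] "GET /jeecg-boot/sys/login HTTP/1.1" 200 1024',
    '198.51.100.9 - - [12/May/2023:10:03:10 +0000] "POST //jmreport/%71urestSql HTTP/1.1" 200 498',
    'not a log line',
]

if __name__ == "__main__":
    for ip, events in find_hits(SAMPLE).items():
        print(ip, len(events), sorted({status for _, _, status in events}))
```

Access logs normally do not record the POST body, so `apiSelectId` itself is not visible here; a hit means the request should be correlated with application or database error logs from the same timestamp.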