关键信息 Scope of Impact GitHub Repository: https://github.com/jeecgboot/JeecgBoot Stars: 44.9K Version: 3.9.0 Problem Description The interface has a SQL injection vulnerability due to issues in handling subqueries and the blacklisted "!" symbol. Cause of Vulnerability The blacklisting in is incomplete and can be bypassed under certain conditions. POC Vulnerable Endpoint Analysis Call chain: - - - - The function dynamically generates the SQL statement and lacks sufficient checks for injection. Signature Verification The signature verification uses a fixed value with MD5 hashing. It checks for and headers. Risk The unquoted can lead to SQL injection risks. Data can be normally queried using . Conclusion The SQL injection vulnerability is confirmed, and the demonstration shows execution results consistent with the database's table.