What is CVE-2023-1454?

A medium-severity SQL injection vulnerability has been discovered in jeecg-boot 3.5.0. Organizations using this software should prioritize remediation efforts to mitigate potential risks to their systems.

What is the severity of CVE-2023-1454?

CVE-2023-1454 has a severity rating of MEDIUM with a CVSS base score of 6.3.

CVE-2023-1454 | Medium Vulnerability in jeecg jeecg

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.

The vulnerability has been assigned a CVSS score of 6.3, indicating a medium severity level. Despite this classification, the potential for exploitation represents a significant risk to organizations utilizing this software, particularly given its nature as a SQL injection vulnerability.

Risk to organizations includes unauthorized access to sensitive data, which may lead to further exploitation of the system or data breaches. Therefore, organizations should prioritize patching immediately.

The vulnerability is actively discussed within the security community, and its public disclosure means that attackers may leverage this vulnerability to compromise affected systems. Organizations should assess their exposure and take appropriate actions.

With the potential for exploitation being high, it is crucial for security teams to ensure that their systems are updated and patched against this vulnerability.

In summary, the vulnerability in jeecg-boot underscores the need for ongoing vigilance and proactive security measures in software development and deployment.

Vulnerability Details

The vulnerability is a SQL injection flaw found in jeecg-boot version 3.5.0. The CVSS score has been rated at 9.8, classifying it as critical in terms of severity. This vulnerability allows for high confidentiality, integrity, and availability impacts. The official CVE description highlights that the manipulation of the argument apiSelectId is responsible for this SQL injection vulnerability.

The vulnerability is tied to the Common Weakness Enumeration (CWE) ID 89, which is associated with SQL injection vulnerabilities. The vulnerability affects the jeecg_boot component and impacts all versions prior to the vendor patch.

Technical Analysis

The root cause of this vulnerability is the inadequate validation of user input, allowing attackers to manipulate SQL queries. This is classified as a network attack vector with low attack complexity. The attacker requires low privileges and does not need user interaction to exploit this vulnerability.

Confidentiality, integrity, and availability impacts are categorized as low, meaning that while the exploitation may not result in immediate catastrophic failures, it still presents significant risks.

Risk & Impact Analysis

The real-world risk associated with this vulnerability is high, given the nature of SQL injection attacks, which can lead to unauthorized access to sensitive databases and potential data exfiltration. The blast radius can be extensive, impacting all instances of the jeecg-boot application in use.

Organizations should assess their use of the affected product and prioritize necessary updates and patches to mitigate this risk effectively. The urgency of remediation is underscored by the critical nature of SQL injection vulnerabilities.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects jeecg-boot version 3.5.0. Organizations using this software should apply the latest patches to mitigate the risk associated with this vulnerability.

Mitigation & Remediation

Organizations should prioritize patching immediately. The latest version of jeecg-boot should be deployed to ensure that this vulnerability is remediated. If a patch is not available, consider implementing workarounds and hardening your configurations.

Detection Guidance

Monitor logs for unusual queries or access patterns, particularly those related to the jmreport/qurestSql component. Behavioral anomalies should be investigated promptly to mitigate any potential exploitation.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights ongoing challenges in secure software development practices. As SQL injection remains a prevalent attack vector, this incident serves as a reminder for security teams to conduct regular security assessments and foster a culture of security awareness across their organizations.

Security teams should engage in proactive measures such as regular penetration testing and vulnerability management programs to continuously identify and address weaknesses within their applications. For comprehensive security assessments, organizations can consider our penetration testing services to ensure robust defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-1454: Medium Vulnerability in jeecg jeecg_boot