CVE-2023-34659: 
Java vulnerability analysis and mitigation

The SQL injection vulnerability (CVE-2023-34659) affects jeecg-boot versions 3.5.0 and 3.5.1. The vulnerability exists in the id parameter of the /jeecg-boot/jmreport/show interface. This critical vulnerability was discovered and reported in June 2023, with a CVSS v3.1 base score of 9.8, indicating its severe nature (NVD).

The vulnerability stems from improper validation of user input in the id parameter of the /jeecg-boot/jmreport/show interface. The issue occurs when the system processes SQL queries with unsanitized input, allowing for SQL injection attacks. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

Successful exploitation of this vulnerability could lead to arbitrary SQL code execution in the security context of the database service. Attackers can potentially add, view, delete, or modify data in the database of the affected application, resulting in complete system compromise (FortiGuard).

Users are advised to apply the most recent upgrade or patch from the vendor. The vulnerability can be addressed by updating to a version newer than 3.5.1 (FortiGuard).