Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-57606
CVE-2024-57606:
Java vulnerability analysis and mitigation
Overview
A SQL injection vulnerability was discovered in Beijing Guoju Information Technology Co., Ltd JeecgBoot version 3.7.2. The vulnerability exists in the getTotalData component and allows remote attackers to obtain sensitive information. The issue was disclosed on February 7, 2025 (NVD, GitHub Issue).
Technical details
The vulnerability exists in the /drag/onlDragDatasetHead/getTotalData interface of JeecgBoot v3.7.2. While this version includes checks for field legitimacy before performing SQL queries, these checks can be bypassed. The vulnerability allows unauthorized SQL injection by manipulating the request parameters, particularly through the manipulation of field names in the JSON payload (GitHub Issue).
Impact
When successfully exploited, this vulnerability allows attackers to obtain sensitive information from the database, including potential access to user credentials and other confidential data stored in the system (NVD).
Additional resources
Source: This report was generated using AI
Related Java vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management