CVE-2026-3672 | JeecgBoot up to 3.9.1 getDictItems isExistSqlInjectKeyword sql injection

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability, which was classified as critical, was found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection.

This vulnerability is listed as CVE-2026-3672. The attack may be performed from remote. In addition, an exploit is available.

CVE-2026-3672 | JeecgBoot up to 3.9.1 getDictItems isExistSqlInjectKeyword sql injection

Post correlati

CVE-2024-1190 | Global Scape CuteFTP 9.3.0.3 Host/Username/Password denial of service

CVE-2025-40215 | Linux Kernel xfrm lockdep state issue

CVE-2025-13782 | taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 SlideController SlideController.class.php delete ids sql injection

CVE-2025-6442 | Ruby WEBrick HTTP Request read_header request smuggling