CVE-2024-40489

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

Improper Control of Generation of Code ('Code Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Non-Repudiation

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities

Applicable Platforms

Languages: Interpreted

Technologies: AI/ML

Likelihood of Exploit: Medium

View CWE Details

https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f…

https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0

https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp

CVE-2024-40489

Description

Improper Control of Generation of Code ('Code Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter