Vulnerability Description
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jeecg | Jimureport | < 1.6.1 |
Related Weaknesses (CWE)
References
- https://github.com/keecth/bug/blob/main/jimureport%20ssti(RCE).mdBroken Link
- https://vuldb.com/?ctiid.237571Permissions RequiredVDB Entry
- https://vuldb.com/?id.237571VDB Entry
- https://github.com/keecth/bug/blob/main/jimureport%20ssti(RCE).mdBroken Link
- https://vuldb.com/?ctiid.237571Permissions RequiredVDB Entry
- https://vuldb.com/?id.237571VDB Entry
FAQ
What is CVE-2023-4450?
CVE-2023-4450 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manip...
How severe is CVE-2023-4450?
CVE-2023-4450 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4450?
Check the references section above for vendor advisories and patch information. Affected products include: Jeecg Jimureport.