CVE-2024-43028
Received Received - Intake
Command Injection in Jeecg Boot /jmreport/show Allows Code Execution

Publication date: 2026-04-01

Last updated on: 2026-04-06

Assigner: MITRE

Description
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-06
Generated
2026-05-07
AI Q&A
2026-04-01
EPSS Evaluated
2026-05-05
NVD
CVE-2024-43028
EUVD
EUVD-2024-55520
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jeecg jeecg_boot From 3.0 (inc) to 3.5.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2024-43028 is a command injection vulnerability in the JeecgBoot JimuReport component, affecting versions 3.0.0 to 3.5.3.

The vulnerability exists due to insufficient input validation in the /jeecg-boot/jmreport/getQueryInfo endpoint, allowing attackers to inject malicious FreeMarker templates.

This injection can lead to remote code execution on the affected system, enabling attackers to run arbitrary code.


How can this vulnerability impact me? :

This vulnerability can allow attackers to execute arbitrary code remotely on your system.

Successful exploitation could lead to full system compromise, unauthorized access to sensitive data, disruption of services, or further attacks within your network.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability affects the JeecgBoot JimuReport component, specifically versions 3.0.0 to 3.5.3, and involves Server-Side Template Injection (SSTI) in the /jeecg-boot/jmreport/getQueryInfo endpoint. Detection can focus on monitoring HTTP requests targeting this endpoint for suspicious or crafted payloads that attempt to inject FreeMarker templates.

You can use network monitoring tools or web application firewalls (WAF) to log and analyze requests to the /jeecg-boot/jmreport/getQueryInfo endpoint. Additionally, manual testing with crafted HTTP requests containing typical SSTI payloads may help identify vulnerable systems.

  • Example curl command to test the endpoint for injection:
  • curl -X POST "http://target-server/jeecg-boot/jmreport/getQueryInfo" -d "param=${7*7}"
  • If the response contains '49' (the result of 7*7), it indicates possible SSTI vulnerability.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable endpoint /jeecg-boot/jmreport/getQueryInfo, applying input validation and sanitization to prevent injection of malicious templates, and updating the JeecgBoot component to a version that patches this vulnerability if available.

If an update or patch is not yet available, consider implementing Web Application Firewall (WAF) rules to block suspicious payloads targeting this endpoint and monitor logs for exploitation attempts.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart