maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

对消息或数据结构的处理不恰当

maku-boot SQL注入漏洞

maku-boot是MAKU开源的一套 SpringBoot 快速开发系统。 maku-boot 2.2.0之前版本存在安全漏洞，该漏洞源于计划任务处理程序的文件 AbstractScheduleJob.java 的函数 doExecute操纵会导致注射。

N/A

N/A