Filtered by vendor Jeecg
Subscribe
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41544 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
| SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. | |||||
| CVE-2023-41543 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. | |||||
| CVE-2023-41542 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. | |||||
| CVE-2023-40989 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. | |||||
| CVE-2023-38992 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
| jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. | |||||
| CVE-2023-1454 | 1 Jeecg | 1 Jeecg-boot | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299. | |||||
| CVE-2022-2647 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-22881 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. | |||||
| CVE-2022-22880 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. | |||||
| CVE-2021-46089 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. | |||||
| CVE-2021-44585 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. | |||||
| CVE-2020-28088 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. | |||||
| CVE-2020-28087 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. | |||||
| CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | |||||