Filtered by vendor Jeecg
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8963 | 1 Jeecg | 1 Jimureport | 2025-10-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". | |||||
| CVE-2025-10770 | 1 Jeecg | 1 Jimureport | 2025-10-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2025-10771 | 1 Jeecg | 1 Jimureport | 2025-10-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-61188 | 1 Jeecg | 1 Jeecg Boot | 2025-10-07 | N/A | 6.3 MEDIUM |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | |||||
| CVE-2025-61189 | 1 Jeecg | 1 Jeecg Boot | 2025-10-07 | N/A | 6.3 MEDIUM |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | |||||
| CVE-2024-44893 | 1 Jeecg | 1 Jimureport | 2025-09-29 | N/A | 9.8 CRITICAL |
| An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. | |||||
| CVE-2024-48307 | 1 Jeecg | 1 Jeecg Boot | 2025-06-27 | N/A | 9.8 CRITICAL |
| JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. | |||||
| CVE-2022-45210 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | N/A | 4.3 MEDIUM |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. | |||||
| CVE-2022-45208 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | N/A | 4.3 MEDIUM |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. | |||||
| CVE-2022-45207 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | N/A | 9.8 CRITICAL |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. | |||||
| CVE-2022-45206 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | N/A | 9.8 CRITICAL |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. | |||||
| CVE-2022-45205 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | N/A | 5.3 MEDIUM |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | |||||
| CVE-2023-49442 | 1 Jeecg | 1 Jeecg | 2025-04-17 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. | |||||
| CVE-2022-47105 | 1 Jeecg | 1 Jeecg Boot | 2025-04-03 | N/A | 9.8 CRITICAL |
| Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | |||||
| CVE-2021-37306 | 1 Jeecg | 1 Jeecg | 2025-03-26 | N/A | 7.5 HIGH |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. | |||||
| CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2025-03-26 | N/A | 7.5 HIGH |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | |||||
| CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2025-03-26 | N/A | 7.5 HIGH |
| An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | |||||
| CVE-2023-24789 | 1 Jeecg | 1 Jeecg | 2025-03-05 | N/A | 8.8 HIGH |
| jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | |||||
| CVE-2023-34603 | 1 Jeecg | 1 Jeecgboot | 2024-12-12 | N/A | 7.5 HIGH |
| JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. | |||||
| CVE-2023-34602 | 1 Jeecg | 1 Jeecgboot | 2024-12-12 | N/A | 7.5 HIGH |
| JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. | |||||