Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jeecg jeecg vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-34659
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
Jeecg Jeecg Boot 3.5.0
Jeecg Jeecg Boot 3.5.1
NA
CVE-2023-34660
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
Jeecg Jeecg Boot 3.5.0
Jeecg Jeecg Boot 3.5.1
NA
CVE-2023-40989
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote malicious user to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
Jeecg Jeecg Boot 3.0
Jeecg Jeecg Boot 3.5.3
NA
CVE-2021-37304
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote malicious users to gain escalated privilege and view sensitive information via the httptrace interface.
Jeecg Jeecg
NA
CVE-2021-37305
An Insecure Permissions issue in jeecg-boot 2.4.5 and previous versions allows remote malicious users to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.
Jeecg Jeecg
NA
CVE-2021-37306
An Insecure Permissions issue in jeecg-boot 2.4.5 and previous versions allows remote malicious users to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin.
Jeecg Jeecg
NA
CVE-2023-49442
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and previous versions allows malicious users to run arbitrary code via crafted POST request.
Jeecg Jeecg
1 Github repository
7.5
CVSSv2
CVE-2022-22880
Jeecg-boot v3.0 exists to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
Jeecg Jeecg Boot
7.5
CVSSv2
CVE-2022-22881
Jeecg-boot v3.0 exists to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
Jeecg Jeecg Boot
NA
CVE-2023-38905
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local malicious user to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
Jeecg Jeecg Boot
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »