Vulnerabilities > J2Eefast
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-02 | CVE-2023-2476 | Unspecified vulnerability in J2Eefast A vulnerability was found in Dromara J2eeFAST up to 2.6.0. | 5.4 |
2023-05-02 | CVE-2023-2475 | Unspecified vulnerability in J2Eefast A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. | 5.4 |
2021-08-12 | CVE-2021-28890 | SQL Injection vulnerability in J2Eefast 2.2.1 J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements. | 9.8 |