Vulnerabilities > Jeecg

DATE CVE VULNERABILITY TITLE RISK
2024-01-03 CVE-2023-49442 Deserialization of Untrusted Data vulnerability in Jeecg
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.
network
low complexity
jeecg CWE-502
critical
9.8
2023-12-30 CVE-2023-41544 Code Injection vulnerability in Jeecg Boot
SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.
network
low complexity
jeecg CWE-94
critical
9.8
2023-12-30 CVE-2023-41542 SQL Injection vulnerability in Jeecg Boot
SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
network
low complexity
jeecg CWE-89
critical
9.8
2023-12-30 CVE-2023-41543 SQL Injection vulnerability in Jeecg Boot
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
network
low complexity
jeecg CWE-89
critical
9.8
2023-11-27 CVE-2023-6307 Path Traversal vulnerability in Jeecg Jimureport 1.5.9/1.6.0
A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1.
network
low complexity
jeecg CWE-22
critical
9.8
2023-11-22 CVE-2023-47467 Path Traversal vulnerability in Jeecg Jeecg-Boot 3.6.0
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
network
low complexity
jeecg CWE-22
6.5
2023-09-22 CVE-2023-40989 SQL Injection vulnerability in Jeecg Boot 3.0/3.5.3
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
network
low complexity
jeecg CWE-89
critical
9.8
2023-09-08 CVE-2023-41578 Unspecified vulnerability in Jeecg Boot
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
network
low complexity
jeecg
7.5
2023-09-08 CVE-2023-42268 SQL Injection vulnerability in Jeecg Boot
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
network
low complexity
jeecg CWE-89
critical
9.8
2023-08-21 CVE-2023-4450 Injection vulnerability in Jeecg Jimureport 1.5.9/1.6.0
A vulnerability was found in jeecgboot JimuReport up to 1.6.0.
network
low complexity
jeecg CWE-74
critical
9.8