Vulnerabilities > Jeecg > Jeecg Boot > 3.4.3

DATE CVE VULNERABILITY TITLE RISK
2023-12-30 CVE-2023-41544 Code Injection vulnerability in Jeecg Boot
SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.
network
low complexity
jeecg CWE-94
critical
 9.8
9.8
2023-12-30 CVE-2023-41542 SQL Injection vulnerability in Jeecg Boot
SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2023-12-30 CVE-2023-41543 SQL Injection vulnerability in Jeecg Boot
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2023-09-08 CVE-2023-41578 Unspecified vulnerability in Jeecg Boot
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
network
low complexity
jeecg
7.5
7.5
2023-09-08 CVE-2023-42268 SQL Injection vulnerability in Jeecg Boot
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2023-08-17 CVE-2023-38905 SQL Injection vulnerability in Jeecg Boot
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
local
low complexity
jeecg CWE-89
5.5
5.5
2022-11-25 CVE-2022-45205 SQL Injection vulnerability in Jeecg Boot 3.4.3
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
network
low complexity
jeecg CWE-89
5.3
5.3
2022-11-25 CVE-2022-45206 SQL Injection vulnerability in Jeecg Boot 3.4.3
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2022-11-25 CVE-2022-45207 SQL Injection vulnerability in Jeecg Boot 3.4.3
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2022-11-25 CVE-2022-45208 SQL Injection vulnerability in Jeecg Boot 3.4.3
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.
network
low complexity
jeecg CWE-89
4.3
4.3