Vulnerabilities > Jeecg > Jeecg Boot > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-47467 Path Traversal vulnerability in Jeecg Jeecg-Boot 3.6.0
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
network
low complexity
jeecg CWE-22
6.5
2023-08-17 CVE-2023-38905 SQL Injection vulnerability in Jeecg Boot
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
local
low complexity
jeecg CWE-89
5.5
2023-06-16 CVE-2023-34660 Unrestricted Upload of File with Dangerous Type vulnerability in Jeecg Boot 3.5.0/3.5.1
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
network
low complexity
jeecg CWE-434
6.5
2022-11-25 CVE-2022-45205 SQL Injection vulnerability in Jeecg Boot 3.4.3
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
network
low complexity
jeecg CWE-89
5.3
2022-11-25 CVE-2022-45208 SQL Injection vulnerability in Jeecg Boot 3.4.3
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.
network
low complexity
jeecg CWE-89
4.3
2022-11-25 CVE-2022-45210 SQL Injection vulnerability in Jeecg Boot 3.4.3
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.
network
low complexity
jeecg CWE-89
4.3
2022-03-10 CVE-2021-44585 Cross-site Scripting vulnerability in Jeecg Boot 3.0
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
network
jeecg CWE-79
4.3
2021-08-06 CVE-2020-28087 SQL Injection vulnerability in Jeecg Boot 2.3
A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information.
network
low complexity
jeecg CWE-89
5.0