Vulnerabilities > Jeecg

DATE CVE VULNERABILITY TITLE RISK
2023-08-17 CVE-2023-38905 SQL Injection vulnerability in Jeecg Boot
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
local
low complexity
jeecg CWE-89
5.5
5.5
2023-07-28 CVE-2023-38992 SQL Injection vulnerability in Jeecg Boot 3.5.1
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2023-06-19 CVE-2023-34602 SQL Injection vulnerability in Jeecg Jeecgboot
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.
network
low complexity
jeecg CWE-89
7.5
7.5
2023-06-19 CVE-2023-34603 SQL Injection vulnerability in Jeecg Jeecgboot
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
network
low complexity
jeecg CWE-89
7.5
7.5
2023-06-16 CVE-2023-34659 SQL Injection vulnerability in Jeecg Boot 3.5.0/3.5.1
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2023-06-16 CVE-2023-34660 Unrestricted Upload of File with Dangerous Type vulnerability in Jeecg Boot 3.5.0/3.5.1
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
network
low complexity
jeecg CWE-434
6.5
6.5
2023-03-31 CVE-2023-1784 Improper Authentication vulnerability in Jeecg Boot 3.5.0
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical.
network
low complexity
jeecg CWE-287
critical
 9.8
9.8
2023-03-30 CVE-2023-1741 SQL Injection vulnerability in Jeecg Boot 3.5.0
A vulnerability was found in jeecg-boot 3.5.0.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2023-03-17 CVE-2023-1454 SQL Injection vulnerability in Jeecg Jeecg-Boot 3.5.0
A vulnerability classified as critical has been found in jeecg-boot 3.5.0.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2023-03-06 CVE-2023-24789 SQL Injection vulnerability in Jeecg 3.4.4
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
network
low complexity
jeecg CWE-89
8.8
8.8