Jeecg vulnerabilities, High risk

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-09-08 | CVE-2023-41578 | Unspecified vulnerability in Jeecg Boot | Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. | network; low complexity; jeecg; 7.5 |
| 2023-06-19 | CVE-2023-34602 | SQL Injection vulnerability in Jeecg Jeecgboot | JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. | network; low complexity; jeecg CWE-89; 7.5 |
| 2023-06-19 | CVE-2023-34603 | SQL Injection vulnerability in Jeecg Jeecgboot | JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. | network; low complexity; jeecg CWE-89; 7.5 |
| 2023-03-06 | CVE-2023-24789 | SQL Injection vulnerability in Jeecg 3.4.4 | jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | network; low complexity; jeecg CWE-89; 8.8 |
| 2023-02-03 | CVE-2021-37304 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | network; low complexity; jeecg CWE-732; 7.5 |
| 2023-02-03 | CVE-2021-37305 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via API URI: /sys/user/querySysUser?username=admin. | network; low complexity; jeecg CWE-732; 7.5 |
| 2023-02-03 | CVE-2021-37306 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via API URI: /sys/user/checkOnlyUser?username=admin. | network; low complexity; jeecg CWE-732; 7.5 |
| 2021-12-27 | CVE-2020-20948 | Exposure of Resource to Wrong Sphere vulnerability in Jeecg 3.8 | An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | network; low complexity; jeecg CWE-668; 7.5 |
| 2021-08-06 | CVE-2020-28087 | SQL Injection vulnerability in Jeecg Boot 2.3 | A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. | network; low complexity; jeecg CWE-89; 7.5 |