Vulnerabilities > Jeecg > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-09-08 | CVE-2023-41578 | Unspecified vulnerability in Jeecg Boot | Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. | network, low complexity, jeecg, 7.5 |
| 2023-06-19 | CVE-2023-34602 | SQL Injection vulnerability in Jeecg Jeecgboot | JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. | network, low complexity, jeecg CWE-89, 7.5 |
| 2023-06-19 | CVE-2023-34603 | SQL Injection vulnerability in Jeecg Jeecgboot | JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. | network, low complexity, jeecg CWE-89, 7.5 |
| 2023-03-06 | CVE-2023-24789 | SQL Injection vulnerability in Jeecg 3.4.4 | jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | network, low complexity, jeecg CWE-89, 8.8 |
| 2023-02-03 | CVE-2021-37304 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | network, low complexity, jeecg CWE-732, 7.5 |
| 2023-02-03 | CVE-2021-37305 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | network, low complexity, jeecg CWE-732, 7.5 |
| 2023-02-03 | CVE-2021-37306 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. | network, low complexity, jeecg CWE-732, 7.5 |
| 2022-02-16 | CVE-2022-22880 | SQL Injection vulnerability in Jeecg Boot 3.0 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. | network, low complexity, jeecg CWE-89, 7.5 |
| 2022-02-16 | CVE-2022-22881 | SQL Injection vulnerability in Jeecg Boot 3.0 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. | network, low complexity, jeecg CWE-89, 7.5 |
| 2021-08-06 | CVE-2020-28088 | Unrestricted Upload of File with Dangerous Type vulnerability in Jeecg Boot 2.3 | An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. | network, low complexity, jeecg CWE-434, 7.5 |