Vulnerabilities > Jeecg > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-22 | CVE-2023-47467 | Path Traversal vulnerability in Jeecg Jeecg-Boot 3.6.0 Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | 6.5 |
| 2023-08-17 | CVE-2023-38905 | SQL Injection vulnerability in Jeecg Boot SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions. | 5.5 |
| 2023-06-16 | CVE-2023-34660 | Unrestricted Upload of File with Dangerous Type vulnerability in Jeecg Boot 3.5.0/3.5.1 jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. | 6.5 |
| 2022-11-25 | CVE-2022-45205 | SQL Injection vulnerability in Jeecg Boot 3.4.3 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | 5.3 |
| 2022-11-25 | CVE-2022-45208 | SQL Injection vulnerability in Jeecg Boot 3.4.3 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. | 4.3 |
| 2022-11-25 | CVE-2022-45210 | SQL Injection vulnerability in Jeecg Boot 3.4.3 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. | 4.3 |
| 2022-03-10 | CVE-2021-44585 | Cross-site Scripting vulnerability in Jeecg Boot 3.0 A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. | 4.3 |
| 2021-12-27 | CVE-2020-20948 | Exposure of Resource to Wrong Sphere vulnerability in Jeecg 3.8 An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | 5.0 |
| 2021-08-06 | CVE-2020-28087 | SQL Injection vulnerability in Jeecg Boot 2.3 A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. | 5.0 |