Vulnerabilities > Jeesite > Jeesite > 1.2.7

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-34601 SQL Injection vulnerability in Jeesite
Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.
network
low complexity
jeesite CWE-89
critical
 9.8
9.8
2022-04-05 CVE-2020-19229 Deserialization of Untrusted Data vulnerability in Jeesite 1.2.7
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437.
network
low complexity
jeesite CWE-502
7.5
7.5
2019-07-23 CVE-2019-1010201 SQL Injection vulnerability in Jeesite 1.2.7
Jeesite 1.2.7 is affected by: SQL Injection.
network
low complexity
jeesite CWE-89
4.0
4.0
2019-07-23 CVE-2019-1010202 XXE vulnerability in Jeesite 1.2.7
Jeesite 1.2.7 is affected by: XML External Entity (XXE).
network
low complexity
jeesite CWE-611
4.0
4.0