CVE-2023-49442
- EPSS 55.52%
- Published 03.01.2024 21:15:08
- Last modified 17.04.2025 19:15:56
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request.
CVE-2023-24789
- EPSS 0.14%
- Published 06.03.2023 16:15:10
- Last modified 05.03.2025 21:15:16
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
CVE-2021-37304
- EPSS 45.01%
- Published 03.02.2023 18:15:11
- Last modified 26.03.2025 17:15:23
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
CVE-2021-37305
- EPSS 27.99%
- Published 03.02.2023 18:15:11
- Last modified 26.03.2025 19:15:15
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.
CVE-2021-37306
- EPSS 0.21%
- Published 03.02.2023 18:15:11
- Last modified 26.03.2025 19:15:15
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin.
CVE-2020-20948
- EPSS 0.52%
- Published 27.12.2021 21:15:07
- Last modified 21.11.2024 05:12:19
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.