Jeecg

Jeecg Boot

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-10978

Exploit
  • EPSS 0.03%
  • Veröffentlicht 25.09.2025 23:15:48
  • Zuletzt bearbeitet 09.01.2026 02:30:00

A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed...

5.3

CVE-2025-10977

Exploit
  • EPSS 0.03%
  • Veröffentlicht 25.09.2025 23:15:47
  • Zuletzt bearbeitet 09.01.2026 02:29:40

A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The...

5.3

CVE-2025-10976

Exploit
  • EPSS 0.03%
  • Veröffentlicht 25.09.2025 22:15:34
  • Zuletzt bearbeitet 09.01.2026 02:29:29

A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed rem...

8.8

CVE-2025-10707

Exploit
  • EPSS 0.05%
  • Veröffentlicht 19.09.2025 11:32:10
  • Zuletzt bearbeitet 31.12.2025 01:53:45

A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has ...

6.5

CVE-2025-10319

  • EPSS 0.03%
  • Veröffentlicht 12.09.2025 15:15:32
  • Zuletzt bearbeitet 31.12.2025 01:53:39

A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack ca...

8.8

CVE-2025-10318

Exploit
  • EPSS 0.05%
  • Veröffentlicht 12.09.2025 12:32:08
  • Zuletzt bearbeitet 31.12.2025 01:53:33

A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to...

7.5

CVE-2025-4533

Exploit
  • EPSS 0.24%
  • Veröffentlicht 11.05.2025 06:31:04
  • Zuletzt bearbeitet 31.12.2025 01:00:06

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the a...

9.8

CVE-2024-48307

Exploit
  • EPSS 92.21%
  • Veröffentlicht 31.10.2024 01:15:14
  • Zuletzt bearbeitet 27.06.2025 19:45:28

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.

9.8

CVE-2023-41544

Exploit
  • EPSS 17.62%
  • Veröffentlicht 30.12.2023 04:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:16

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.

9.8

CVE-2023-41543

Exploit
  • EPSS 0.97%
  • Veröffentlicht 30.12.2023 02:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:16

SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.