CVE-2022-2647
- EPSS 0.36%
- Veröffentlicht 04.08.2022 09:15:08
- Zuletzt bearbeitet 21.11.2024 07:01:26
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploi...
CVE-2021-44585
- EPSS 0.35%
- Veröffentlicht 10.03.2022 21:15:14
- Zuletzt bearbeitet 21.11.2024 06:31:14
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
CVE-2022-22881
- EPSS 1.03%
- Veröffentlicht 16.02.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:47:35
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
CVE-2022-22880
- EPSS 1.03%
- Veröffentlicht 16.02.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:47:34
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
- EPSS 0.82%
- Veröffentlicht 25.01.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:33:37
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
CVE-2020-28088
- EPSS 5.88%
- Veröffentlicht 06.08.2021 23:15:08
- Zuletzt bearbeitet 21.11.2024 05:22:20
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
CVE-2020-28087
- EPSS 0.71%
- Veröffentlicht 06.08.2021 23:15:07
- Zuletzt bearbeitet 21.11.2024 05:22:19
A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information.