CVE-2025-15088
- EPSS 0.04%
- Veröffentlicht 25.12.2025 22:02:06
- Zuletzt bearbeitet 24.02.2026 07:16:56
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of the argument keyWord results in sql injection. Re...
CVE-2025-14694
- EPSS 0.04%
- Veröffentlicht 15.12.2025 00:32:06
- Zuletzt bearbeitet 24.02.2026 06:16:26
A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipulation of the argument keyWord results in sql injection. The attack can be initiated remotel...
CVE-2025-14088
- EPSS 0.05%
- Veröffentlicht 05.12.2025 14:32:07
- Zuletzt bearbeitet 08.12.2025 18:26:49
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be ca...
CVE-2024-51165
- EPSS 0.18%
- Veröffentlicht 10.12.2024 20:15:20
- Zuletzt bearbeitet 24.06.2025 00:37:18
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
CVE-2024-51164
- EPSS 1.17%
- Veröffentlicht 15.11.2024 16:15:37
- Zuletzt bearbeitet 24.06.2025 14:37:12
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
CVE-2024-46535
- EPSS 0.51%
- Veröffentlicht 14.10.2024 17:15:13
- Zuletzt bearbeitet 03.07.2025 13:11:38
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.