Jeecg

jeecg

Vendor: Jeecg • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49442 1Jeecg 1Jeecg Apr 17, 2025 Jan 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.
CVE-2023-24789 1Jeecg 1Jeecg Mar 5, 2025 Mar 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
CVE-2021-37306 1Jeecg 1Jeecg Mar 26, 2025 Feb 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin.
CVE-2021-37305 1Jeecg 1Jeecg Mar 26, 2025 Feb 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.
CVE-2021-37304 1Jeecg 1Jeecg Mar 26, 2025 Feb 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
CVE-2020-20948 1Jeecg 1Jeecg Nov 21, 2024 Dec 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.