Jeecg Boot

jeecg_boot

Vendor: Jeecg • 57 CVEs

CVEs (57)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-10980 1Jeecg 1Jeecg Boot Apr 29, 2026 Sep 26, 2025 2.1 LOW· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the a...Show more A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-10979 1Jeecg 1Jeecg Boot Apr 29, 2026 Sep 25, 2025 2.1 LOW· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack...Show more A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-10978 1Jeecg 1Jeecg Boot Apr 29, 2026 Sep 25, 2025 2.1 LOW· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorizatio...Show more A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-10977 1Jeecg 1Jeecg Boot Apr 29, 2026 Sep 25, 2025 1.3 LOW· v4 5.3 MEDIUM· v3 2.1 LOW· v2 A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible t...Show more A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-10976 1Jeecg 1Jeecg Boot Apr 29, 2026 Sep 25, 2025 1.3 LOW· v4 5.3 MEDIUM· v3 2.1 LOW· v2 A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization....Show more A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-10707 1Jeecg 1Jeecg Boot Apr 29, 2026 Sep 19, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launc...Show more A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-10319 1Jeecg 1Jeecg Boot Apr 29, 2026 Sep 12, 2025 2.1 LOW· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in imprope...Show more A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-10318 1Jeecg 1Jeecg Boot Apr 29, 2026 Sep 12, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of...Show more A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-4533 1Jeecg 1Jeecg Boot Dec 31, 2025 May 11, 2025 5.1 MEDIUM· v4 7.5 HIGH· v3 3.3 LOW· v2 A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upl...Show more A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-48307 1Jeecg 1Jeecg Boot Jun 27, 2025 Oct 31, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
CVE-2023-41544 1Jeecg 1Jeecg Boot Nov 21, 2024 Dec 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.
CVE-2023-41543 1Jeecg 1Jeecg Boot Nov 21, 2024 Dec 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
CVE-2023-41542 1Jeecg 1Jeecg Boot Nov 21, 2024 Dec 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
CVE-2023-47467 1Jeecg 1Jeecg Boot Jan 2, 2026 Nov 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
CVE-2023-40989 1Jeecg 1Jeecg Boot Nov 21, 2024 Sep 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
CVE-2023-42268 1Jeecg 1Jeecg Boot Nov 21, 2024 Sep 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
CVE-2023-41578 1Jeecg 1Jeecg Boot Nov 21, 2024 Sep 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
CVE-2023-38905 1Jeecg 1Jeecg Boot Nov 21, 2024 Aug 17, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
CVE-2023-38992 1Jeecg 1Jeecg Boot Nov 21, 2024 Jul 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.
CVE-2023-34660 1Jeecg 1Jeecg Boot Nov 21, 2024 Jun 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.

Previous 123 Next