Jeecg

jeecg

72 CVEs • 4 products

Products (4)

Click to collapse

Toggle

CVEs (72)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45208 1Jeecg 1Jeecg Boot Apr 29, 2025 Nov 25, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.
CVE-2022-45207 1Jeecg 1Jeecg Boot Apr 29, 2025 Nov 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.
CVE-2022-45206 1Jeecg 1Jeecg Boot Apr 29, 2025 Nov 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.
CVE-2022-45205 1Jeecg 1Jeecg Boot Apr 29, 2025 Nov 25, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVE-2022-2647 1Jeecg 1Jeecg Boot Nov 21, 2024 Aug 4, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be...Show more A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability.Show less
CVE-2021-44585 1Jeecg 1Jeecg Boot Nov 21, 2024 Mar 10, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
CVE-2022-22881 1Jeecg 1Jeecg Boot Nov 21, 2024 Feb 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
CVE-2022-22880 1Jeecg 1Jeecg Boot Nov 21, 2024 Feb 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
CVE-2021-46089 1Jeecg 1Jeecg Boot Nov 21, 2024 Jan 25, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
CVE-2020-20948 1Jeecg 1Jeecg Nov 21, 2024 Dec 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
CVE-2020-28088 1Jeecg 1Jeecg Boot Nov 21, 2024 Aug 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
CVE-2020-28087 1Jeecg 1Jeecg Boot Nov 21, 2024 Aug 6, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information.

Previous 1 2 34