CVE-2023-49442
https://notcve.org/view.php?id=CVE-2023-49442
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. La deserialización de datos que no son de confianza en jeecgFormDemoController en JEECG 4.0 y versiones anteriores permite a los atacantes ejecutar código arbitrario mediante una solicitud POST manipulada. • https://lemono.fun/thoughts/JEECG-RCE.html • CWE-502: Deserialization of Untrusted Data •
CVE-2023-24789
https://notcve.org/view.php?id=CVE-2023-24789
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. • https://github.com/jeecgboot/jeecg-boot/issues/4511 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-37304
https://notcve.org/view.php?id=CVE-2021-37304
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. • https://github.com/jeecgboot/jeecg-boot/issues/2793 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-37306
https://notcve.org/view.php?id=CVE-2021-37306
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. • https://github.com/jeecgboot/jeecg-boot/issues/2794 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-37305
https://notcve.org/view.php?id=CVE-2021-37305
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. • https://github.com/jeecgboot/jeecg-boot/issues/2794 • CWE-732: Incorrect Permission Assignment for Critical Resource •