
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request. • https://lemono.fun/thoughts/JEECG-RCE.html • CWE-502: Deserialization of Untrusted Data

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. • https://github.com/jeecgboot/jeecg-boot/issues/4511 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. • https://github.com/jeecgboot/jeecg-boot/issues/4393 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 16% • CPEs: 1 • EXPL: 1

Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload". • https://github.com/zhangdaiscott/jeecg/issues/56 • CWE-434: Unrestricted Upload of File with Dangerous Type