
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. • https://www.yuque.com/u2479829/tegvu8/dvmfdl5fssfen05q • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. • https://github.com/Zone1-Z/CVE-2023-40989 https://github.com/Zone1-Z/CVE-2023-40989/blob/main/CVE-2023-40989 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. • https://github.com/Snakinya/Bugs/issues/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. • https://github.com/jeecgboot/jeecg-boot/issues/5311 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 2

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. • https://github.com/ilikeoyt/CVE-2023-4450-Attack https://github.com/keecth/bug/blob/main/jimureport%20ssti(RCE).md https://vuldb.com/?ctiid.237571 https://vuldb.com/?id.237571 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')