CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-38905
https://notcve.org/view.php?id=CVE-2023-38905
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions. La vulnerabilidad de inyección SQL en Jeecg-boot v.3.5.0 y anteriores permite a un atacante local provocar una denegación de servicio a través de las funciones Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE y DBMS_PIPE.RECEIVE_MESSAGE. • https://gist.github.com/wealeson1/e24fc8575f4e051320d69e9a75080642 https://github.com/jeecgboot/jeecg-boot/issues/4737 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22880
https://notcve.org/view.php?id=CVE-2022-22880
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. Se ha detectado que Jeecg-boot versión v3.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro code en /jeecg-boot/sys/user/queryUserByDepId • https://github.com/jeecgboot/jeecg-boot/issues/3347 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22881
https://notcve.org/view.php?id=CVE-2022-22881
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. Se ha detectado que Jeecg-boot versión v3.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro code en /sys/user/queryUserComponentData • https://github.com/jeecgboot/jeecg-boot/issues/3348 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28088
https://notcve.org/view.php?id=CVE-2020-28088
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. Una vulnerabilidad de carga de archivos arbitraria en la ruta /jeecg-boot/sys/common/upload de jeecg-boot CMS versión 2.3, permite a atacantes ejecutar código arbitrario • https://github.com/zhangdaiscott/jeecg-boot/issues/1888 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28087
https://notcve.org/view.php?id=CVE-2020-28087
A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. Una vulnerabilidad de inyección SQL en la ruta /jeecg boot/sys/dict/loadtreedata de jeecg-boot CMS versión 2.3, permite a atacantes acceder a información confidencial de la base de datos • https://github.com/zhangdaiscott/jeecg-boot/issues/1887 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •