CVE-2023-42268
https://notcve.org/view.php?id=CVE-2023-42268
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. Se descubrió que el arranque de Jeecg hasta v3.5.3 contenía una vulnerabilidad de inyección SQL a través del componente /jeecg-boot/jmreport/show. • https://github.com/jeecgboot/jeecg-boot/issues/5311 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-38992
https://notcve.org/view.php?id=CVE-2023-38992
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. • https://github.com/jeecgboot/jeecg-boot/issues/5173 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-34659
https://notcve.org/view.php?id=CVE-2023-34659
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. • https://github.com/jeecgboot/jeecg-boot/issues/4976 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-34660
https://notcve.org/view.php?id=CVE-2023-34660
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. • https://github.com/jeecgboot/jeecg-boot/issues/4990 • CWE-434: Unrestricted Upload of File with Dangerous Type •