CVE-2022-2647 – jeecg-boot unrestricted upload
https://notcve.org/view.php?id=CVE-2022-2647
04 Aug 2022 — A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. • https://vuldb.com/?id.205594 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-44585
https://notcve.org/view.php?id=CVE-2021-44585
10 Mar 2022 — A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. • https://github.com/jeecgboot/jeecg-boot/issues/3223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22880
https://notcve.org/view.php?id=CVE-2022-22880
16 Feb 2022 — Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. • https://github.com/jeecgboot/jeecg-boot/issues/3347 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22881
https://notcve.org/view.php?id=CVE-2022-22881
16 Feb 2022 — Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. • https://github.com/jeecgboot/jeecg-boot/issues/3348 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46089
https://notcve.org/view.php?id=CVE-2021-46089
25 Jan 2022 — In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. • https://github.com/jeecgboot/jeecg-boot/issues/3331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-28088
https://notcve.org/view.php?id=CVE-2020-28088
06 Aug 2021 — An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. • https://github.com/zhangdaiscott/jeecg-boot/issues/1888 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2020-28087
https://notcve.org/view.php?id=CVE-2020-28087
06 Aug 2021 — A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. • https://github.com/zhangdaiscott/jeecg-boot/issues/1887 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')