CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24789
https://notcve.org/view.php?id=CVE-2023-24789
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. • https://github.com/jeecgboot/jeecg-boot/issues/4511 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2021-37304
https://notcve.org/view.php?id=CVE-2021-37304
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. • https://github.com/jeecgboot/jeecg-boot/issues/2793 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37306
https://notcve.org/view.php?id=CVE-2021-37306
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. • https://github.com/jeecgboot/jeecg-boot/issues/2794 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37305
https://notcve.org/view.php?id=CVE-2021-37305
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. • https://github.com/jeecgboot/jeecg-boot/issues/2794 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47105
https://notcve.org/view.php?id=CVE-2022-47105
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. Se descubrió que Jeecg-boot v3.4.4 contiene una vulnerabilidad de inyección SQL a través del componente /sys/dict/queryTableData. • https://github.com/jeecgboot/jeecg-boot/issues/4393 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •