CVE-2022-2647 – jeecg-boot unrestricted upload
https://notcve.org/view.php?id=CVE-2022-2647
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. • https://vuldb.com/?id.205594 https://www.cnblogs.com/J0o1ey/p/16550583.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-44585
https://notcve.org/view.php?id=CVE-2021-44585
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. • https://github.com/jeecgboot/jeecg-boot/issues/3223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22880
https://notcve.org/view.php?id=CVE-2022-22880
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. • https://github.com/jeecgboot/jeecg-boot/issues/3347 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22881
https://notcve.org/view.php?id=CVE-2022-22881
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. • https://github.com/jeecgboot/jeecg-boot/issues/3348 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46089
https://notcve.org/view.php?id=CVE-2021-46089
In JeecgBoot 3.0, there is a SQL injection vulnerability that can be used to operate on the database with root privileges. • https://github.com/jeecgboot/jeecg-boot/issues/3331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')