CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11251 – erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection
https://notcve.org/view.php?id=CVE-2024-11251
15 Nov 2024 — A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. • https://gitee.com/erzhongxmu/JEEWMS/issues/IB2XZG • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27764
https://notcve.org/view.php?id=CVE-2024-27764
05 Mar 2024 — An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. Un problema en Jeewms v.3.7 y anteriores permite a un atacante remoto escalar privilegios a través del componente AuthInterceptor. • https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 • CWE-27: Path Traversal: 'dir/../../filename' •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27765
https://notcve.org/view.php?id=CVE-2024-27765
05 Mar 2024 — Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component. Vulnerabilidad de Directory Traversal en Jeewms v.3.7 y anteriores permite a un atacante remoto obtener información confidencial a través del componente cgformTemplateController. • https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •