CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49442
https://notcve.org/view.php?id=CVE-2023-49442
03 Jan 2024 — Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. La deserialización de datos que no son de confianza en jeecgFormDemoController en JEECG 4.0 y versiones anteriores permite a los atacantes ejecutar código arbitrario mediante una solicitud POST manipulada. • https://lemono.fun/thoughts/JEECG-RCE.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-37304
https://notcve.org/view.php?id=CVE-2021-37304
03 Feb 2023 — An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. • https://github.com/jeecgboot/jeecg-boot/issues/2793 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37305
https://notcve.org/view.php?id=CVE-2021-37305
03 Feb 2023 — An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. • https://github.com/jeecgboot/jeecg-boot/issues/2794 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37306
https://notcve.org/view.php?id=CVE-2021-37306
03 Feb 2023 — An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. • https://github.com/jeecgboot/jeecg-boot/issues/2794 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 18%CPEs: 1EXPL: 1CVE-2020-23083
https://notcve.org/view.php?id=CVE-2020-23083
03 May 2021 — Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload". Una Carga de Archivos Sin Restricciones en JEECG versiones v4.0 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario o alcanzar privilegios al cargar un archivo diseñado en el componente "jeecgFormDemoController.do?commonUpload". • https://github.com/zhangdaiscott/jeecg/issues/56 • CWE-434: Unrestricted Upload of File with Dangerous Type •