CVE-2023-49442
https://notcve.org/view.php?id=CVE-2023-49442
03 Jan 2024 — Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request. • https://lemono.fun/thoughts/JEECG-RCE.html • CWE-502: Deserialization of Untrusted Data •
CVE-2023-24789
https://notcve.org/view.php?id=CVE-2023-24789
06 Mar 2023 — jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. • https://github.com/jeecgboot/jeecg-boot/issues/4511 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-37304
https://notcve.org/view.php?id=CVE-2021-37304
03 Feb 2023 — An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. • https://github.com/jeecgboot/jeecg-boot/issues/2793 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-37305
https://notcve.org/view.php?id=CVE-2021-37305
03 Feb 2023 — An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. • https://github.com/jeecgboot/jeecg-boot/issues/2794 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-37306
https://notcve.org/view.php?id=CVE-2021-37306
03 Feb 2023 — An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. • https://github.com/jeecgboot/jeecg-boot/issues/2794 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-20948
https://notcve.org/view.php?id=CVE-2020-20948
27 Dec 2021 — An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. • https://github.com/zhangdaiscott/jeecg/issues/50 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2020-23083
https://notcve.org/view.php?id=CVE-2020-23083
03 May 2021 — Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload". • https://github.com/zhangdaiscott/jeecg/issues/56 • CWE-434: Unrestricted Upload of File with Dangerous Type •