Filtered by vendor Jeecg
Subscriptions
Filtered by product Jeecgboot
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12626 | 1 Jeecg | 1 Jeecgboot | 2025-11-04 | 4.3 Medium |
| A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The root cause was initially fixed but can be evaded with additional encoding. | ||||
| CVE-2025-61188 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-10-07 | 6.3 Medium |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | ||||
| CVE-2025-61189 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-10-07 | 6.3 Medium |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | ||||
| CVE-2025-51825 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-10-01 | 6.5 Medium |
| JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions. | ||||
| CVE-2024-48307 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-06-27 | 9.8 Critical |
| JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. | ||||
| CVE-2023-34603 | 1 Jeecg | 1 Jeecgboot | 2024-12-12 | 7.5 High |
| JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. | ||||
| CVE-2023-34602 | 1 Jeecg | 1 Jeecgboot | 2024-12-12 | 7.5 High |
| JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. | ||||