ReportizFlow
Filtered by vendor Jeecg
Subscriptions
Filtered by product Jeecg
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49442 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 9.8 Critical |
| Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. | ||||
| CVE-2023-24789 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 8.8 High |
| jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | ||||
| CVE-2021-37306 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. | ||||
| CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | ||||
| CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | ||||
| CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 7.5 High |
| An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | ||||
Page 1 of 1.