Filtered by vendor Jeecg
Filtered by product Jeecgboot
Total: 26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-61188 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-10-07 | 6.3 Medium | Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. |
| CVE-2025-61189 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-10-07 | 6.3 Medium | Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. |
| CVE-2025-51825 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-10-01 | 6.5 Medium | JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions. |
| CVE-2024-48307 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-06-27 | 9.8 Critical | JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. |
| CVE-2023-34603 | 1 Jeecg | 1 Jeecgboot | 2024-12-12 | 7.5 High | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. |
| CVE-2023-34602 | 1 Jeecg | 1 Jeecgboot | 2024-12-12 | 7.5 High | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. |