Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24789 | 1 Jeecg | 1 Jeecg | 2023-03-10 | N/A | 8.8 HIGH |
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | |||||
CVE-2021-37306 | 1 Jeecg | 1 Jeecg | 2023-02-09 | N/A | 7.5 HIGH |
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. | |||||
CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2023-02-09 | N/A | 7.5 HIGH |
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | |||||
CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2023-02-09 | N/A | 7.5 HIGH |
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | |||||
CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2022-01-07 | 5.0 MEDIUM | 7.5 HIGH |
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. |