VYPR

Maven package

org.jeecgframework.boot/jeecg-boot-common

pkg:maven/org.jeecgframework.boot/jeecg-boot-common

Vulnerabilities (8)

  • CVE-2024-57606 (Feb 7, 2025)
    affected < 3.7.3, fixed 3.7.3

    SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component.

  • CVE-2023-41544 (Dec 30, 2023)
    affected <= 3.5.3

    SSTI injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary code via a crafted HTTP request to the /jmreport/loadTableData component.

  • CVE-2023-41543 (Dec 30, 2023)
    affected <= 3.5.3

    SQL injection vulnerability in jeecg-boot v3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.

  • CVE-2023-41542 (Dec 30, 2023)
    affected <= 3.5.3

    SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.

  • CVE-2023-47467 (Nov 22, 2023)
    affected <= 3.6.0

    Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.

  • CVE-2023-40989 (Sep 22, 2023)
    affected < 3.6.0, fixed 3.6.0

    SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

  • CVE-2023-38992 (Jul 28, 2023)
    affected < 3.5.3, fixed 3.5.3

    jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.

  • CVE-2023-1454 (Mar 17, 2023)
    affected <= 3.5.0

    A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclo