VYPR

Jeewms

by Jeewms

CVEs (29)

  • CVE-2024-57757Jan 14, 2025
    risk 0.00cvss epss 0.00

    JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.

  • CVE-2025-0392Jan 11, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is…

  • CVE-2025-0391Jan 11, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The…

  • CVE-2025-0390Jan 11, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated…

  • CVE-2024-12347Dec 8, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation…

  • CVE-2024-11961Nov 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request…

  • CVE-2024-11251Nov 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The…

  • CVE-2024-27765Mar 5, 2024
    risk 0.00cvss epss 0.01

    Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.

  • CVE-2024-27764Mar 5, 2024
    risk 0.00cvss epss 0.01

    An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.

Page 2 of 2