Jeewms
by Jeewms
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-57757 | 0.00 | — | 0.00 | Jan 14, 2025 | JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava. | |||
| CVE-2025-0392 | 0.00 | — | 0.01 | Jan 11, 2025 | A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is… | |||
| CVE-2025-0391 | 0.00 | — | 0.01 | Jan 11, 2025 | A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The… | |||
| CVE-2025-0390 | 0.00 | — | 0.01 | Jan 11, 2025 | A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated… | |||
| CVE-2024-12347 | 0.00 | — | 0.01 | Dec 8, 2024 | A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation… | |||
| CVE-2024-11961 | 0.00 | — | 0.01 | Nov 28, 2024 | A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request… | |||
| CVE-2024-11251 | 0.00 | — | 0.01 | Nov 15, 2024 | A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The… | |||
| CVE-2024-27765 | 0.00 | — | 0.01 | Mar 5, 2024 | Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component. | |||
| CVE-2024-27764 | 0.00 | — | 0.01 | Mar 5, 2024 | An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. |
- CVE-2024-57757Jan 14, 2025risk 0.00cvss —epss 0.00
JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.
- CVE-2025-0392Jan 11, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is…
- CVE-2025-0391Jan 11, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The…
- CVE-2025-0390Jan 11, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated…
- CVE-2024-12347Dec 8, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation…
- CVE-2024-11961Nov 28, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request…
- CVE-2024-11251Nov 15, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The…
- CVE-2024-27765Mar 5, 2024risk 0.00cvss —epss 0.01
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
- CVE-2024-27764Mar 5, 2024risk 0.00cvss —epss 0.01
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.
Page 2 of 2