Jeecgboot
by Jeecg
CVEs (59)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15119 | | Low | 0.20 | 3.1 | 0.00 | | Dec 28, 2025 | A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is… |
| CVE-2025-10977 | | Low | 0.20 | 3.1 | 0.00 | | Sep 25, 2025 | A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is… |
| CVE-2025-10976 | | Low | 0.20 | 3.1 | 0.00 | | Sep 25, 2025 | A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is… |
| CVE-2026-11502 | | Low | 0.13 | 3.1 | 0.00 | | Jun 8, 2026 | A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login.… |
| CVE-2026-11464 | | Low | 0.13 | 3.1 | 0.00 | | Jun 7, 2026 | A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt… |
| CVE-2024-48307 | | | 0.07 | — | 0.44 | | Oct 31, 2024 | JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. |
| CVE-2026-2555 | | | 0.00 | — | 0.00 | | Feb 16, 2026 | A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to… |
| CVE-2025-15121 | | | 0.00 | — | 0.00 | | Dec 28, 2025 | A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about… |
| CVE-2025-61189 | | | 0.00 | — | 0.00 | | Oct 1, 2025 | Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory… |
| CVE-2025-61188 | | | 0.00 | — | 0.00 | | Oct 1, 2025 | Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. |
| CVE-2025-51825 | | | 0.00 | — | 0.00 | | Aug 22, 2025 | JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions. |
| CVE-2025-4533 | | | 0.00 | — | 0.01 | | May 11, 2025 | A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to… |
| CVE-2023-40989 | | | 0.00 | — | 0.02 | | Sep 22, 2023 | SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. |
| CVE-2023-34603 | | | 0.00 | — | 0.01 | | Jun 19, 2023 | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. |
| CVE-2022-45205 | | | 0.00 | — | 0.01 | | Nov 25, 2022 | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. |
| CVE-2022-2647 | | | 0.00 | — | 0.01 | | Aug 4, 2022 | A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the… |
| CVE-2022-22881 | | | 0.00 | — | 0.01 | | Feb 16, 2022 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. |
| CVE-2021-46089 | | | 0.00 | — | 0.02 | | Jan 25, 2022 | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. |
| CVE-2020-28087 | | | 0.00 | — | 0.02 | | Aug 6, 2021 | A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. |
Page 3 of 3