VYPR

Jeecgboot

by Jeecg

CVEs (59)

  • CVE-2025-15119 · Low · Dec 28, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is…

  • CVE-2025-10977 · Low · Sep 25, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is…

  • CVE-2025-10976 · Low · Sep 25, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is…

  • CVE-2026-11502 · Low · Jun 8, 2026
    risk 0.13 · cvss 3.1 · epss 0.00

    A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login.…

  • CVE-2026-11464 · Low · Jun 7, 2026
    risk 0.13 · cvss 3.1 · epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt…

  • CVE-2024-48307 · Oct 31, 2024
    risk 0.07 · cvss n/a · epss 0.44

    JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.

  • CVE-2026-2555 · Feb 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to…

  • CVE-2025-15121 · Dec 28, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about…

  • CVE-2025-61189 · Oct 1, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory…

  • CVE-2025-61188 · Oct 1, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server.

  • CVE-2025-51825 · Aug 22, 2025
    risk 0.00 · cvss n/a · epss 0.00

    JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions.

  • CVE-2025-4533 · May 11, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to…

  • CVE-2023-40989 · Sep 22, 2023
    risk 0.00 · cvss n/a · epss 0.02

    SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

  • CVE-2023-34603 · Jun 19, 2023
    risk 0.00 · cvss n/a · epss 0.01

    JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.

  • CVE-2022-45205 · Nov 25, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.

  • CVE-2022-2647 · Aug 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the…

  • CVE-2022-22881 · Feb 16, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.

  • CVE-2021-46089 · Jan 25, 2022
    risk 0.00 · cvss n/a · epss 0.02

    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.

  • CVE-2020-28087 · Aug 6, 2021
    risk 0.00 · cvss n/a · epss 0.02

    A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information.
