VYPR

Vendor CVEs

Jeewms

All CVEs

29 total · sorted by risk
  • CVE-2026-3026HigFeb 23, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack…

  • CVE-2026-11458MedJun 7, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure.…

  • CVE-2026-3028MedFeb 23, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be…

  • CVE-2026-3027MedFeb 23, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched…

  • CVE-2025-70311Feb 3, 2026
    risk 0.00cvss epss 0.00

    JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack.

  • CVE-2025-60269Oct 10, 2025
    risk 0.00cvss epss 0.00

    JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file.

  • CVE-2025-60268Oct 10, 2025
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code…

  • CVE-2025-55834Sep 16, 2025
    risk 0.00cvss epss 0.00

    A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component

  • CVE-2024-53499Aug 22, 2025
    risk 0.00cvss epss 0.00

    Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API.

  • CVE-2025-50901Aug 20, 2025
    risk 0.00cvss epss 0.00

    JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.

  • CVE-2025-5390May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the…

  • CVE-2025-5389May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access…

  • CVE-2025-5388May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to sql injection. The attack can be launched remotely. This product takes…

  • CVE-2025-5387May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the…

  • CVE-2025-5386May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not…

  • CVE-2025-5385May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continious delivery…

  • CVE-2025-5384May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This…

  • CVE-2025-29213Apr 15, 2025
    risk 0.00cvss epss 0.00

    A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file.

  • CVE-2024-57761Jan 14, 2025
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-57760Jan 14, 2025
    risk 0.00cvss epss 0.00

    JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.

  • CVE-2024-57757Jan 14, 2025
    risk 0.00cvss epss 0.00

    JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.

  • CVE-2025-0392Jan 11, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is…

  • CVE-2025-0391Jan 11, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The…

  • CVE-2025-0390Jan 11, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated…

  • CVE-2024-12347Dec 8, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation…

  • CVE-2024-11961Nov 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request…

  • CVE-2024-11251Nov 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The…

  • CVE-2024-27765Mar 5, 2024
    risk 0.00cvss epss 0.01

    Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.

  • CVE-2024-27764Mar 5, 2024
    risk 0.00cvss epss 0.01

    An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.