📦 Jeecg

by Jeecg


🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-49442

CRITICAL CVSS 9.8 Jan 3, 2024

This vulnerability allows remote attackers to execute arbitrary code on JEECG systems by sending specially crafted POST requests to the jeecgFormDemoController. It affects all JEECG 4.0 and earlier in...

CVE-2023-24789

HIGH CVSS 8.8 Mar 6, 2023

CVE-2023-24789 is an authenticated SQL injection vulnerability in jeecg-boot's building block report component. Attackers with valid credentials can execute arbitrary SQL commands, potentially leading...

CVE-2021-37304

HIGH CVSS 7.5 Feb 3, 2023

CVE-2021-37304 is an insecure permissions vulnerability in jeecg-boot 2.4.5 that allows unauthenticated remote attackers to access the httptrace interface. This enables privilege escalation and exposu...

CVE-2021-37306

HIGH CVSS 7.5 Feb 3, 2023

CVE-2021-37306 is an insecure permissions vulnerability in jeecg-boot that allows remote attackers to check if a username exists without authentication. This information disclosure can help attackers ...

CVE-2020-20948

HIGH CVSS 7.5 Dec 27, 2021

CVE-2020-20948 is an arbitrary file download vulnerability in JEECG v3.8 that allows attackers to access sensitive server files by manipulating the 'localPath' parameter. This affects all systems runn...