📦 Jeecg Boot
by Jeecg
⚠️ Known Vulnerabilities
This is a Server-Side Template Injection (SSTI) vulnerability in jeecg-boot version 3.5.3 that allows remote attackers to execute arbitrary code via crafted HTTP requests to the /jmreport/loadTableDat...
This SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary SQL commands via the jmreport/qurestSql component. Attackers can escalate privileges, access s...
Jeecg Boot versions up to 3.5.3 contain a SQL injection vulnerability in the /jeecg-boot/jmreport/show component. This allows attackers to execute arbitrary SQL commands on the database. Organizations...
Jeecg-Boot versions 3.5.0 and 3.5.1 contain a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface. This allows attackers to execute arbitrary SQL commands on the...
Jeecg-boot v3.0 contains a SQL injection vulnerability in the /jeecg-boot/sys/user/queryUserByDepId endpoint via the code parameter. This allows attackers to execute arbitrary SQL commands on the data...
CVE-2021-46089 is a critical SQL injection vulnerability in JeecgBoot 3.0 that allows attackers to execute arbitrary SQL commands with root database privileges. This affects all organizations using vu...
This vulnerability allows attackers to upload arbitrary files to the jeecg-boot CMS system through the /jeecg-boot/sys/common/upload endpoint. Attackers can then execute arbitrary code on the server, ...
Jeecg Boot up to version 3.5.3 contains an arbitrary file read vulnerability in the /testConnection interface. This allows attackers to read sensitive files from the server filesystem without authenti...
This SQL injection vulnerability in jeecg-boot CMS allows attackers to execute arbitrary SQL commands through the /jeecg-boot/sys/dict/loadtreedata endpoint. Attackers can access, modify, or delete se...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in JeecgBoot 3.9.0 that allows attackers to make the server send HTTP requests to arbitrary internal or external systems. Attacker...
A deserialization vulnerability in JeecgBoot 3.9.1 allows remote attackers to execute arbitrary code by manipulating the importDocumentFromZip function in the AI knowledge controller. This affects sys...
JeecgBoot versions up to 3.9.0 contain a path traversal vulnerability in the Retrieval-Augmented Generation Module's /airag/knowledge/doc/edit endpoint. Attackers can manipulate the filePath parameter...
This vulnerability in JeecgBoot allows attackers to remotely manipulate user sessions through the SysUserOnlineController function. It affects JeecgBoot versions up to 3.9.0, potentially enabling unau...
CVE-2025-14908 is an authentication bypass vulnerability in JeecgBoot's multi-tenant management module that allows attackers to manipulate tenant ID parameters without proper authentication. This affe...
Jeecgboot versions 3.8.2 and earlier contain a path traversal vulnerability in the /sys/comment/addFile endpoint that allows attackers to upload files with whitelisted extensions to the system's /opt ...
This vulnerability in JeecgBoot allows unauthorized access to the tenant export function via the /sys/tenant/exportXls endpoint. Attackers can remotely exploit this improper authorization flaw to pote...
JeecgBoot up to version 3.8.2 contains an improper authorization vulnerability in the /sys/position/exportXls endpoint that allows remote attackers to access unauthorized functionality. This affects a...
This vulnerability in JeecgBoot allows unauthorized access to the user export functionality via the /sys/user/exportXls endpoint. Attackers can exploit this to export sensitive user data without prope...
JeecgBoot up to version 3.8.2 has an improper authorization vulnerability in the /sys/role/exportXls endpoint that allows unauthorized access to role export functionality. This affects all JeecgBoot d...
This CVE describes an improper authorization vulnerability in JeecgBoot's getPositionUserList function. Attackers can manipulate the positionId parameter to potentially access unauthorized user positi...
This vulnerability in JeecgBoot allows attackers to bypass authorization checks by manipulating the departId parameter in the /sys/sysDepartPermission/list endpoint. It enables unauthorized access to ...
This CVE describes an improper authorization vulnerability in JeecgBoot's queryDepartPermission function. Attackers can manipulate the departId parameter to potentially access unauthorized department ...
JeecgBoot up to version 3.9.0 contains an improper authorization vulnerability in the /sys/sysDepartPermission/datarule/ endpoint. This allows remote attackers to potentially bypass intended access co...
This CVE describes an improper authorization vulnerability in JeecgBoot's loadDatarule function that allows attackers to manipulate departId/roleId parameters. Attackers could potentially access unaut...
This vulnerability in JeecgBoot allows attackers to exploit the getDeptRoleByUserId function by manipulating the departId parameter, leading to unauthorized information disclosure. It affects JeecgBoo...
This CVE describes an improper authorization vulnerability in JeecgBoot's getDeptRoleList function. Attackers can manipulate the departId parameter to potentially access unauthorized department role i...
This vulnerability in JeecgBoot allows attackers to bypass authorization checks by manipulating the deptId parameter in the /sys/sysDepartRole/list endpoint. It enables unauthorized access to departme...