org.jeecgframework.boot:jeecg-boot-common

vulnerable: 3.4.0, 3.4.2, 3.4.3, 3.4.4, 3.5.0

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the att…

vulnerable: 3.4.0 ... 3.5.2 (7 versions)

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.

vulnerable: 3.4.0 ... 3.5.5 (10 versions)

SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

vulnerable: 3.4.0 ... 3.5.3 (8 versions)

SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.

vulnerable: 3.4.0 ... 3.5.3 (8 versions)

SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.

vulnerable: 3.4.0 ... 3.5.3 (8 versions)

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.

vulnerable: 3.4.0 ... 3.6.0 (11 versions)

Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.