Insecure Permissions issue in jeecg-boot
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.
Advisories for Maven/Org.jeecgframework.boot/Jeecg-Boot-Base package
2023
Insecure Permissions issue in jeecg-boot
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
Incorrect Permission Assignment for Critical Resource
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin.
2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
In JeecgBoot, there is a SQL injection vulnerability that can operate the database with root privileges.