Product
jeecg boot
61 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE | Affected versions | Description
CVE-2024-43028 | >= 3.0 and <= 3.5.3 | A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbit
CVE-2024-40489 | >= 3.0 and <= 3.5.3 | There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers t
CVE-2026-2945 | all versions | A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/com
CVE-2026-2822 | <= 3.9.1 | A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeec
CVE-2026-2555 | all versions | A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/j
CVE-2026-2111 | <= 3.9.0 | A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/k
CVE-2026-1746 | all versions | A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDict
CVE-2025-15126 | <= 3.9.0 | A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the
CVE-2025-15125 | <= 3.9.0 | A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/perm
CVE-2025-15124 | <= 3.9.0 | A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermi
CVE-2025-15123 | <= 3.9.0 | A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/dat
CVE-2025-15122 | <= 3.9.0 | A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRo
CVE-2025-15121 | <= 3.9.0 | A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys
CVE-2025-15120 | <= 3.9.0 | A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRol
CVE-2025-15119 | <= 3.9.0 | A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRol
CVE-2025-14909 | <= 3.9.0 | A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file
CVE-2025-14908 | <= 3.9.0 | A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/j
CVE-2025-61189 | <= 3.8.2 | Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vu
CVE-2025-61188 | <= 3.8.2 | Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload
CVE-2025-10981 | <= 3.8.2 | A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Perform
CVE-2025-10980 | <= 3.8.2 | A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/ex
CVE-2025-10979 | <= 3.8.2 | A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportX
CVE-2025-10978 | <= 3.8.2 | A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/ex
CVE-2025-10977 | <= 3.8.2 | A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The
CVE-2025-10976 | <= 3.8.2 | A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUser
CVE-2025-10707 | <= 3.8.2 | A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/s
CVE-2025-10319 | <= 3.8.2 | A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sy
CVE-2025-10318 | <= 3.8.2 | A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /a
CVE-2025-51825 | >= 3.4.3 and <= 3.8.0 | JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/h
CVE-2025-4533 | <= 3.8.0 | A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of
CVE-2024-57606 | all versions | SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain
CVE-2024-48307 | all versions | JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
CVE-2023-41544 | <= 3.5.3 | SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP reque
CVE-2023-41543 | <= 3.5.3 | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information
CVE-2023-41542 | <= 3.5.3 | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive infor
CVE-2023-47467 | all versions | Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via th
CVE-2023-40989 | all versions | SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a craf
CVE-2023-42268 | <= 3.5.3 | Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
CVE-2023-41578 | <= 3.5.3 | Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
CVE-2023-38905 | <= 3.5.0 | SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmar
CVE-2023-38992 | all versions | jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.
CVE-2023-34603 | <= 3.5.1 | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.
CVE-2023-34602 | <= 3.5.1 | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org
CVE-2023-34660 | all versions | jeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
CVE-2023-34659 | all versions | jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface.
CVE-2023-1784 | all versions | A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the compon
CVE-2023-1741 | all versions | A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown f
CVE-2023-1454 | all versions | A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qures
CVE-2022-47105 | all versions | Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVE-2022-45210 | all versions | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.
CVE-2022-45208 | all versions | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.
CVE-2022-45207 | all versions | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.
CVE-2022-45206 | all versions | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.
CVE-2022-45205 | all versions | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVE-2022-2647 | all versions | A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /ap
CVE-2021-44585 | all versions | A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
CVE-2022-22881 | <= 3.0 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData
CVE-2022-22880 | <= 3.0 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserBy
CVE-2021-46089 | all versions | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
CVE-2020-28088 | all versions | An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrar
CVE-2020-28087 | all versions | A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive data