Vulnerability Details CVE-2024-43028
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-43028
-
cpe:2.3:a:jeecg:jeecg_boot:3.0
-
cpe:2.3:a:jeecg:jeecg_boot:3.1.0
-
cpe:2.3:a:jeecg:jeecg_boot:3.2.0
-
cpe:2.3:a:jeecg:jeecg_boot:3.3.0
-
cpe:2.3:a:jeecg:jeecg_boot:3.4.0
-
cpe:2.3:a:jeecg:jeecg_boot:3.4.2
-
cpe:2.3:a:jeecg:jeecg_boot:3.4.3
-
cpe:2.3:a:jeecg:jeecg_boot:3.4.4
-
cpe:2.3:a:jeecg:jeecg_boot:3.5.0
-
cpe:2.3:a:jeecg:jeecg_boot:3.5.1
-
cpe:2.3:a:jeecg:jeecg_boot:3.5.3