Shodan
Vulnerabilities
Vulnerable Software
Jeecg:  >> Jeecg Boot  >> 3.5.1  Security Vulnerabilities
CVE-2025-61189
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-01
CVE-2025-61188
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-01
CVE-2023-41544
SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.
CVSS Score
9.8
EPSS Score
0.176
Published
2023-12-30
CVE-2023-41542
SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-30
CVE-2023-41543
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-12-30
CVE-2023-41578
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
CVSS Score
7.5
EPSS Score
0.017
Published
2023-09-08
CVE-2023-42268
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-09-08
CVE-2023-38992
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.
CVSS Score
9.8
EPSS Score
0.669
Published
2023-07-28
CVE-2023-34659
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
CVSS Score
9.8
EPSS Score
0.912
Published
2023-06-16
CVE-2023-34660
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved