Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-22
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-08-20
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-04-15
JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-15
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-15
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-03-05
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.
CVSS Score
9.8
EPSS Score
0.017
Published
2024-03-05