A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-04-15
JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-15
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-15
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-05
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.
CVSS Score
9.8
EPSS Score
0.013
Published
2024-03-05