CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Ketr: >> Jepaas Security Vulnerabilities

CVE-2024-51165

SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

CVSS Score

7.5

EPSS Score

0.001

Published

2024-12-10

CVE-2024-51164

Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

CVSS Score

9.1

EPSS Score

0.003

Published

2024-11-15

CVE-2024-46535

Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.

CVSS Score

9.8

EPSS Score

0.002

Published

2024-10-14

Page 1

Vulnerabilities

Vulnerable Software

Ketr: >> Jepaas Security Vulnerabilities

Products

Pricing

Contact Us