J2eefast: Security Vulnerabilities
In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-10-18
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml.
CVSS Score
8.2
EPSS Score
0.001
Published
2024-05-23
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-23
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-05-23
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-05-23
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-23
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-05-23
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml .
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-23
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-07
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-07
Page 1