Huayi-Tec: >> Jeewms >> 2025-08-20 Security Vulnerabilities
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-10
JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file.
CVSS Score
9.4
EPSS Score
0.0
Published
2025-10-10