CVE-2021-37305
published 2023-02-03


Priority: P2 (77), high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploited in the wild: yes (exploit available; listed in VulnCheck KEV)
EPSS: 3.52% (87.8th percentile)
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.

Affected (1 range)

Vendor   Product   Version range   Fixed in
jeecg    jeecg     <= 2.4.5        (not given)

Detection & IOCs (extracted from sources)

url   /jeecg-boot/sys/user/querySysUser?username=admin
path  /sys/user/querySysUser?username=admin
  • An HTTP GET request to /jeecg-boot/sys/user/querySysUser?username=admin returns HTTP 200 with a JSON body containing `username":"admin`, `success":true`, and `result":{`; all three must be present simultaneously for a positive result.
  • The response Content-Type header must be application/json, confirming that the vulnerable endpoint answered with structured data rather than a login or error page.
  • Use the Shodan queries `title:"Jeecg-Boot"` or `http.title:"jeecg-boot"` to identify exposed Jeecg-Boot instances for targeted scanning.
  • Use the FOFA queries `title="JeecgBoot 企业级低代码平台"`, `title="jeecg-boot"`, or `title="jeecgboot 企业级低代码平台"` to enumerate internet-facing instances.
  • Use the Google dork `intitle:"jeecg-boot"` to discover publicly indexed Jeecg-Boot login/admin pages.
  • The vulnerability affects Jeecg-Boot versions 2.4.5 and earlier. The endpoint is unauthenticated (no credentials required, matching PR:N in the vector), so any remote attacker can enumerate valid usernames and retrieve sensitive fields such as email address and phone number.
  • The exploit path includes the /jeecg-boot/ context root prefix; deployments without this prefix may expose the endpoint at a different base path (e.g., directly at /sys/user/querySysUser), so checks should try both forms.
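The following script is an added example, not code from the page or from the Jeecg-Boot project. It turns the indicators listed above into an offline-testable check: it builds both candidate URLs (with and without the /jeecg-boot context root), classifies a response using the HTTP 200, application/json and three-marker rule, pulls out the leaked fields from a positive response, and scans combined-format access-log lines for hits on the IOC path. The JSON key names `email` and `phone`, the sample responses and the log lines are constructed assumptions; only the markers, path and prefix behaviour come from the page. The `probe()` helper performs a live GET and is not exercised by the embedded samples.

```python
"""Offline check for the CVE-2021-37305 indicators (added example, assumptions noted)."""
import json
import re
import urllib.error
import urllib.request
from dataclasses import dataclass, field

# Indicator strings from the page; all three must appear in the body.
BODY_MARKERS = ('username":"admin', '"success":true', '"result":{')
IOC_PATH = "/sys/user/querySysUser"
# Assumption: the app may be mounted under /jeecg-boot or directly at the root.
CONTEXT_ROOTS = ("/jeecg-boot", "")
# The page names email and phone as leaked; the JSON key names are assumed.
SENSITIVE_KEYS = ("email", "phone")


@dataclass
class HttpResponse:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def candidate_urls(base, username="admin"):
    """URLs to probe for the endpoint: with and then without the context root."""
    base = base.rstrip("/")
    return [f"{base}{root}{IOC_PATH}?username={username}" for root in CONTEXT_ROOTS]


def classify_response(resp):
    """True only when every indicator holds: status 200, JSON content type, and
    all three body markers. Whitespace is stripped so pretty-printed JSON
    ("success": true) still matches the compact markers."""
    if resp.status != 200:
        return False
    headers = {k.lower(): v for k, v in resp.headers.items()}
    if not headers.get("content-type", "").lower().startswith("application/json"):
        return False
    compact = re.sub(r"\s+", "", resp.body)
    return all(marker in compact for marker in BODY_MARKERS)


def leaked_fields(resp):
    """Sensitive fields actually present in a positive response, so an incident
    responder can scope what was readable. Empty dict for a negative response."""
    if not classify_response(resp):
        return {}
    result = json.loads(resp.body).get("result") or {}
    return {k: result[k] for k in SENSITIVE_KEYS if result.get(k)}


def probe(base, timeout=5):
    """Live check (not run by the samples below): GET each candidate URL and
    return (url, leaked_fields) for the first positive one, else None."""
    for url in candidate_urls(base):
        try:
            with urllib.request.urlopen(url, timeout=timeout) as r:
                body = r.read().decode("utf-8", "replace")
                resp = HttpResponse(r.status, dict(r.headers), body)
        except urllib.error.HTTPError as e:
            resp = HttpResponse(e.code, dict(e.headers), "")
        except (urllib.error.URLError, OSError):
            continue
        if classify_response(resp):
            return url, leaked_fields(resp)
    return None


# Combined-log-format request line and status, e.g. "GET /path HTTP/1.1" 200
LOG_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def scan_access_log(lines):
    """Return (path, status) for every request that hit the IOC endpoint,
    regardless of which context root the deployment uses."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and IOC_PATH in m.group("path"):
            hits.append((m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample data (not captured from a real system).
SAMPLE_VULNERABLE = HttpResponse(
    200,
    {"Content-Type": "application/json;charset=UTF-8"},
    '{"success": true, "message": "", "code": 0, "result": {'
    '"username": "admin", "email": "admin@example.com", "phone": "13800000000"}}',
)
SAMPLE_DENIED = HttpResponse(
    200,
    {"Content-Type": "application/json;charset=UTF-8"},
    '{"success": false, "message": "not authenticated", "code": 510}',
)
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Feb/2023:10:01:02 +0000] "GET /jeecg-boot/sys/user/querySysUser?username=admin HTTP/1.1" 200 184',
    '10.0.0.5 - - [03/Feb/2023:10:01:03 +0000] "GET /jeecg-boot/sys/login HTTP/1.1" 200 512',
    '10.0.0.9 - - [03/Feb/2023:10:02:10 +0000] "GET /sys/user/querySysUser?username=admin HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    print(classify_response(SAMPLE_VULNERABLE), leaked_fields(SAMPLE_VULNERABLE))
    print(classify_response(SAMPLE_DENIED))
    print(scan_access_log(SAMPLE_LOG))
```

Requiring all three markers plus the JSON content type keeps a login page or generic 200 error page from counting as a hit; a deployment that answers 401 or 200 with `success:false` on the IOC path is still worth flagging in the log scan, since the request itself shows someone probing for this CVE.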

CVSS provenance

NVD (v3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheck: 7.5 HIGH