Jeecg Boot vulnerabilities
56 known vulnerabilities affecting jeecg/jeecg_boot.
Total CVEs: 56
CISA KEV: 0
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 20, HIGH 11, MEDIUM 19, LOW 6
Vulnerabilities
Page 1 of 3
CVE-2024-48307 | P1 | CRITICAL | CVSS 9.8 | CWE-89 | Exploited | PoC | v3.7.1 | 2024-10-31
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
nvd
CVE-2023-1454 | P1 | CRITICAL | CVSS 9.8 | CWE-89 | Exploited | PoC | v3.5.0 | 2023-03-17
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vul
nvd
CVE-2023-34659 | P1 | CRITICAL | CVSS 9.8 | CWE-89 | Exploited | PoC | v3.5.0, v3.5.1 | 2023-06-16
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface.
nvd
CVE-2023-38992 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v3.5.1 | 2023-07-28
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.
nvd
CVE-2024-43028 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | ≥ 3.0, ≤ 3.5.3 | 2026-04-01
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.
nvd
CVE-2023-41544 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | ≤ 3.5.3 | 2023-12-30
SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.
nvd
CVE-2025-10318 | P2 | HIGH | CVSS 8.8 | CWE-266 | ≤ 3.8.2 | 2025-09-12
A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and mi
nvd
CVE-2020-28088 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | v2.3 | 2021-08-06
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
nvd
CVE-2021-46089 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v3.0 | 2022-01-25
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
nvd
CVE-2023-40989 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | v3.0, v3.5.3 | 2023-09-22
SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
nvd
CVE-2026-1746 | P3 | HIGH | CVSS 8.8 | CWE-74 | v3.9.0 | 2026-02-02
A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was conta
nvd
CVE-2023-1784 | P3 | CRITICAL | CVSS 9.8 | CWE-287 | v3.5.0 | 2023-03-31
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability
nvd
CVE-2025-10707 | P3 | HIGH | CVSS 8.8 | CWE-266 | ≤ 3.8.2 | 2025-09-19
A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this dis
nvd
CVE-2023-41542 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 3.5.3 | 2023-12-30
SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
nvd
CVE-2026-2822 | P3 | HIGH | CVSS 8.8 | CWE-74 | ≤ 3.9.1 | 2026-02-20
A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly a
nvd
CVE-2024-40489 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | ≥ 3.0, ≤ 3.5.3 | 2026-04-01
There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.
nvd
CVE-2023-1741 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v3.5.0 | 2023-03-30
A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used
nvd
CVE-2022-22881 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 3.0 | 2022-02-16
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
nvd
CVE-2022-22880 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 3.0 | 2022-02-16
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
nvd
CVE-2023-41543 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 3.5.3 | 2023-12-30
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
nvd