cvebase

Jeecg Boot vulnerabilities

56 known vulnerabilities affecting jeecg/jeecg_boot.

Total CVEs: 56
CISA KEV: 0
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 20, HIGH 11, MEDIUM 19, LOW 6

Vulnerabilities

Page 3 of 3
CVE-2025-10977 | P3 | MEDIUM | CVSS 5.3 | ≤ 3.8.2 | 2025-09-25
CWE-266: A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit is p
nvd
CVE-2025-10976 | P3 | MEDIUM | CVSS 5.3 | ≤ 3.8.2 | 2025-09-25
CWE-266: A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. T
nvd
CVE-2023-47467 | P4 | MEDIUM | CVSS 6.5 | v3.6.0 | 2023-11-22
CWE-22: Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
nvd
CVE-2022-45205 | P4 | MEDIUM | CVSS 5.3 | v3.4.3 | 2022-11-25
CWE-89: Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
nvd
CVE-2026-2111 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.9.0 | 2026-02-07
CWE-22: A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can be executed remotely. The exploit has been made available
nvd
CVE-2025-15121 | P4 | MEDIUM | CVSS 4.9 | ≤ 3.9.0 | 2025-12-28
CWE-200: A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.
nvd
CVE-2022-45210 | P4 | MEDIUM | CVSS 4.3 | v3.4.3 | 2022-11-25
CWE-89: Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.
nvd
CVE-2022-45208 | P4 | MEDIUM | CVSS 4.3 | v3.4.3 | 2022-11-25
CWE-89: Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.
nvd
CVE-2021-44585 | P4 | MEDIUM | CVSS 6.1 | v3.0 | 2022-03-10
CWE-79: A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
nvd
CVE-2023-38905 | P4 | MEDIUM | CVSS 5.5 | ≤ 3.5.0 | 2023-08-17
CWE-89: SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
nvd
CVE-2025-15124 | P4 | LOW | CVSS 3.1 | ≤ 3.9.0 | 2025-12-28
CWE-266: A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit i
nvd
CVE-2025-15122 | P4 | LOW | CVSS 3.1 | ≤ 3.9.0 | 2025-12-28
CWE-266: A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is
nvd
CVE-2025-15120 | P4 | LOW | CVSS 3.1 | ≤ 3.9.0 | 2025-12-28
CWE-266: A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is considered diffi
nvd
CVE-2025-15125 | P4 | LOW | CVSS 3.1 | ≤ 3.9.0 | 2025-12-28
CWE-266: A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to b
nvd
CVE-2025-15119 | P4 | LOW | CVSS 3.1 | ≤ 3.9.0 | 2025-12-28
CWE-266: A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The
nvd
CVE-2025-15123 | P4 | LOW | CVSS 3.1 | ≤ 3.9.0 | 2025-12-28
CWE-266: A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. The exploit has be
nvd