Jeecg Jimureport vulnerabilities
7 known vulnerabilities affecting jeecg/jimureport.
Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 6, MEDIUM 1
Vulnerabilities
CVE-2023-4450 | P1 | CRITICAL | CVSS 9.8 | CWE-74 | Exploited | PoC | fixed in 1.6.1 | 2023-08-21
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.
nvd
CVE-2023-6307 | P2 | CRITICAL | CVSS 9.8 | CWE-23 | ≤ 1.6.1 | 2023-11-27
A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The
nvd
CVE-2025-66913 | P3 | CRITICAL | CVSS 9.8 | ≤ 2.1.3 | 2026-01-08
JimuReport through version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.
nvd
CVE-2025-10771 | P3 | CRITICAL | CVSS 9.8 | CWE-20 | ≤ 2.1.2 | 2025-09-21
A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack can be executed remotely. The exploit has been publicl
nvd
CVE-2025-8963 | P3 | CRITICAL | CVSS 9.8 | CWE-20 | ≤ 2.1.1 | 2025-08-14
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Mod
nvd
CVE-2024-44893 | P3 | CRITICAL | CVSS 9.8 | CWE-269 | v1.7.8 | 2024-09-10
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows an attacker to escalate privileges via a crafted GET request.
nvd
CVE-2025-10770 | P3 | MEDIUM | CVSS 6.5 | CWE-20 | ≤ 2.1.2 | 2025-09-21
A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
nvd