AI Score
Confidence
High
EPSS
Percentile
99.8%
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.
github.com/thinkgem/jeesite/issues/490