7.5 High
AI Score
Confidence
Low
0.975 High
EPSS
Percentile
100.0%
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.
github.com/thinkgem/jeesite/issues/490