10 matches found
CVE-2025-15124 JeecgBoot list getParameterMap improper authorization
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high...
EUVD-2025-205495
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is...
CVE-2025-15121
JeecgBoot up to 3.9.0 is affected by an information-disclosure vulnerability in getDeptRoleByUserId (/sys/sysDepartRole/getDeptRoleByUserId). Manipulating the departId parameter may disclose information. According to connected reports, the vendor was contacted but did not respond; no patch details are...
JeecgBoot authorization issue vulnerability
JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of the parameter departI...
PT-2025-53636
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.9.0. Description: A flaw exists in JeecgBoot that allows information disclosure. The issue is related to the getDeptRoleByUserId function located in the /sys/sysDepartRole/getDeptRoleByUserId file. Manipulation of the...
PT-2025-53639
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.9.0. Description: A security issue exists in JeecgBoot that allows for improper authorization. This is due to the manipulation of the departId argument within the getParameterMap function located in the...
PT-2025-53640
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.9.0. Description: A security issue exists in JeecgBoot that allows for remote authorization bypass. This is due to improper authorization resulting from the manipulation of the departId argument within the...
CVE-2025-10976
CVE-2025-10976 affects JeecgBoot up to version 3.8.2, where improper authorization can be triggered by manipulating the departId parameter in the /api/getDepartUserList endpoint. The issue is exploitable remotely, with high attack complexity and a disclosed exploit. Public references consistently...
CVE-2025-10976 JeecgBoot getDepartUserList improper authorization
A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high...
PT-2025-39460
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.8.2. Description: A flaw exists in JeecgBoot that involves improper authorization. This issue stems from manipulating the departId argument in the processing of the file '/api/getDepartUserList' API endpoint. The...