Lucene search
K

177 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:57 a.m.9 views

CVE-2024-33164

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authUserList function...

9.8CVSS8.3AI score0.00569EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:57 a.m.6 views

CVE-2024-33161

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the unallocatedList function...

5.3CVSS8.3AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.14 views

CVE-2023-2475

A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has bee...

5.4CVSS6.2AI score0.00522EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.9 views

CVE-2023-2476

A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...

5.4CVSS6.3AI score0.00522EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:34 p.m.6 views

CVE-2021-28890

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the 1 compId parameter to fast/sys/user/list, 2 deptId parameter to fast/sys/role/list, or 3 roleId parameter to fast/sys/role/authUser/list, related to the use of $ to join SQL statements...

9.8CVSS8.1AI score0.0134EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/14 12:46 a.m.8 views

CVE-2024-35083

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml...

8.8CVSS8.2AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 12:34 a.m.14 views

CVE-2024-35085

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml...

5.4CVSS8.2AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 12:16 a.m.9 views

CVE-2024-35090

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml...

8.2CVSS8.2AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 11:45 p.m.8 views

CVE-2024-35086

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml...

9.8CVSS8.2AI score0.00534EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/13 11:40 p.m.14 views

CVE-2024-35082

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml...

6.3CVSS8.2AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 11:32 p.m.13 views

CVE-2024-35091

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml...

9.8CVSS8.2AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 11:19 p.m.11 views

CVE-2024-35084

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...

9.8CVSS8.2AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
added 2024/10/23 12:0 a.m.6 views

J2eeFAST Code Execution Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the small and medium-sized enterprises the best use of open source and free back-end framework platform . A code execution vulnerability exists in J2eeFAST version 2.7 and earlier versions, which stems fr...

9.8CVSS7.8AI score0.00845EPSS
Exploits1References1
NVD
NVD
added 2024/10/18 7:15 p.m.17 views

CVE-2024-45944

In J2eeFAST =2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution...

9.8CVSS0.00845EPSS
Exploits1References3
OSV
OSV
added 2024/10/18 7:15 p.m.2 views

CVE-2024-45944

In J2eeFAST =2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution...

9.8CVSS6AI score0.00845EPSS
Exploits1References3
CVE
CVE
added 2024/10/18 12:0 a.m.56 views

CVE-2024-45944

CVE-2024-45944 affects J2eeFAST versions up to 2.7. The issue is unsafe filtering in a backend function that can be exploited to trigger sensitive functions, leading to arbitrary code execution. Impact is described as arbitrary code execution with high severity; affected components are backend fu...

9.8CVSS7.8AI score0.00845EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/18 12:0 a.m.3 views

PT-2024-31853 · J2Eefast · J2Eefast

Name of the Vulnerable Software and Affected Versions: J2eeFAST versions =2.7 Description: The issue is related to unsafe filtering in the backend function, which allows an attacker to trigger certain sensitive functions, resulting in arbitrary code execution. Recommendations: For J2eeFAST versio...

9.8CVSS7.7AI score0.00845EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/10/18 12:0 a.m.3 views

J2eeFAST 安全漏洞

J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the small and medium-sized enterprises the best use of open source and free back-end framework platform . A code execution vulnerability exists in J2eeFAST version 2.7 and earlier versions, which stems fr...

9.8CVSS7.9AI score0.00845EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/10/18 12:0 a.m.12 views

CVE-2024-45944

In J2eeFAST =2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution...

7.5AI score0.00845EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/10/18 12:0 a.m.17 views

CVE-2024-45944

In J2eeFAST =2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution...

0.00845EPSS
Exploits1References3
Rows per page
Query Builder