177 matches found
CVE-2024-33164
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authUserList function...
CVE-2024-33161
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the unallocatedList function...
CVE-2023-2475
A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has bee...
CVE-2023-2476
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2021-28890
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the 1 compId parameter to fast/sys/user/list, 2 deptId parameter to fast/sys/role/list, or 3 roleId parameter to fast/sys/role/authUser/list, related to the use of $ to join SQL statements...
CVE-2024-35083
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml...
CVE-2024-35085
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml...
CVE-2024-35090
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml...
CVE-2024-35086
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml...
CVE-2024-35082
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml...
CVE-2024-35091
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml...
CVE-2024-35084
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...
J2eeFAST Code Execution Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the small and medium-sized enterprises the best use of open source and free back-end framework platform . A code execution vulnerability exists in J2eeFAST version 2.7 and earlier versions, which stems fr...
CVE-2024-45944
In J2eeFAST =2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution...
CVE-2024-45944
In J2eeFAST =2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution...
CVE-2024-45944
CVE-2024-45944 affects J2eeFAST versions up to 2.7. The issue is unsafe filtering in a backend function that can be exploited to trigger sensitive functions, leading to arbitrary code execution. Impact is described as arbitrary code execution with high severity; affected components are backend fu...
PT-2024-31853 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2eeFAST versions =2.7 Description: The issue is related to unsafe filtering in the backend function, which allows an attacker to trigger certain sensitive functions, resulting in arbitrary code execution. Recommendations: For J2eeFAST versio...
J2eeFAST 安全漏洞
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the small and medium-sized enterprises the best use of open source and free back-end framework platform . A code execution vulnerability exists in J2eeFAST version 2.7 and earlier versions, which stems fr...
CVE-2024-45944
In J2eeFAST =2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution...
CVE-2024-45944
In J2eeFAST =2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution...