JeecgBoot JimuReport - Template injection

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed t...

EUVD-2026-20858

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

CVE-2026-5848

CVE-2026-5848 affects jeecgboot JimuReport up to version 2.3.0. The vulnerability lies in the Data Source Handler’s testConnection path, specifically the function DriverManager.getConnection, where manipulating the argument dbUrl can lead to code injection. The issue can be exploited remotely and...

CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

PT-2026-31587

Name of the Vulnerable Software and Affected Versions jeecgboot JimuReport versions up to 2.3.0 Description A code injection issue exists in the Data Source Handler component of jeecgboot JimuReport, specifically within the DriverManager.getConnection function located in the...

JimuReport 代码注入漏洞

JimuReport is a free reporting tool developed by JEECG in China. Versions of JimuReport 2.3.0 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter dbUrl in the DriverManager.getConnection function within the Data Source Handler...

CVE-2023-4450

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed t...

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

JimuReport 安全漏洞

JimuReport is a free reporting tool open-sourced by JEECG in China. A security vulnerability exists in JimuReport 2.1.3 and prior versions, which stems from unauthenticated handling of user-controlled H2 JDBC URLs and could lead to remote code execution...

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

PT-2026-1866

Name of the Vulnerable Software and Affected Versions JimuReport versions through 2.1.3 Description The software is susceptible to remote code execution when handling user-supplied H2 JDBC URLs. The application directly passes the attacker-controlled JDBC URL to the H2 driver, enabling the use of...

EUVD-2025-30382

Malicious code in bioql PyPI...

EUVD-2025-30383

Malicious code in bioql PyPI...

EUVD-2025-24808

Malicious code in bioql PyPI...

CVE-2025-10770

A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit ha...

CVE-2025-10771

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...