CVE-2026-11464 JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier contain an access control vulnerability. This vulnerability stems from the function queryPageList in the User List Endpoint component, which process...

JeecgBoot queryPageList function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of parameter deptId in t...

CVE-2025-15119

A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...

CVE-2025-15119 JeecgBoot list queryPageList improper authorization

A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...

CVE-2025-15119

Summary: CVE-2025-15119 affects JeecgBoot up to 3.9.0. The vulnerability lies in the function queryPageList of the file /sys/sysDepartRole/list, where manipulating the department identifier (deptId) enables improper authorization. This can be exploited remotely with high exploit complexity; explo...

PT-2025-53634

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A flaw exists in JeecgBoot that relates to improper authorization. This issue is present in the queryPageList function within the /sys/sysDepartRole/list file. Manipulation of the deptId argument can...