10 matches found
CVE-2025-15124 JeecgBoot list getParameterMap improper authorization
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high...
EUVD-2025-205495
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is...
CVE-2025-15121
JeecgBoot up to 3.9.0 is affected by an information-disclosure vulnerability in getDeptRoleByUserId (/sys/sysDepartRole/getDeptRoleByUserId). Manipulating the departId parameter may disclose information. According to connected reports, vendor contact was made but no response; no patch details are...
PT-2025-53640
Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A security issue exists in JeecgBoot that allows for remote authorization bypass. This is due to improper authorization resulting from the manipulation of the departId argument within the...
PT-2025-53639
Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.0 Description A security issue exists in JeecgBoot that allows for improper authorization. This is due to the manipulation of the departId argument within the getParameterMap function located in the...
JeecgBoot 授权问题漏洞
JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of the parameter departI...
PT-2025-53636
Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A flaw exists in JeecgBoot that allows information disclosure. The issue is related to the getDeptRoleByUserId function located in the /sys/sysDepartRole/getDeptRoleByUserId file. Manipulation of the...
CVE-2025-10976
CVE-2025-10976 affects JeecgBoot up to version 3.8.2, where improper authorization can be triggered by manipulating the departId parameter in the /api/getDepartUserList endpoint. The issue is exploitable remotely, with high attack complexity and a disclosed exploit. Public references consistently...
CVE-2025-10976 JeecgBoot getDepartUserList improper authorization
A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high...
PT-2025-39460
Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.8.2 Description A flaw exists in JeecgBoot that involves improper authorization. This issue stems from manipulating the departId argument in the processing of the file '/api/getDepartUserList' API endpoint. The...