Lucene search
K

177 matches found

Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.4 views

PT-2024-25131 · J2Eefast · J2Eefast

Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the authRoleList function. This allows for potential exploitation. No information is provided about the estimated number of affected...

8.8CVSS8.1AI score0.00547EPSS
Exploits0References5
CVE
CVE
added 2024/05/07 12:0 a.m.60 views

CVE-2024-33161

CVE-2024-33161 affects J2EEFAST v2.7.0, with a SQL injection vulnerability exposed through the sql_filter parameter in the unallocatedList() function. The issue enables potential unauthorized SQL execution and data exposure, as indicated by the CVE description and Red Hat/CNVD entries. The CVSS 3...

5.3CVSS8.2AI score0.00244EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/07 12:0 a.m.11 views

CVE-2024-33144

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml...

8.3AI score0.00536EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.23 views

CVE-2024-33147

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authRoleList function...

8.1AI score0.00547EPSS
Exploits0References1
CVE
CVE
added 2024/05/07 12:0 a.m.64 views

CVE-2024-33164

CVE-2024-33164 affects J2EEFAST v2.7.0. A SQL injection in authUserList() via the sql_filter parameter is reported, with CVSS 3.1 base score 9.8 (CRITICAL). Impact: potentially arbitrary SQL execution and data leakage; network access, no user interaction required. Some sources note mitigations su...

9.8CVSS8.2AI score0.00569EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.3 views

J2eeFAST 安全漏洞

J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2eeFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from the export function of the sqlfilte...

9.1CVSS8.2AI score0.0052EPSS
Exploits0References2
CVE
CVE
added 2024/05/07 12:0 a.m.63 views

CVE-2024-33153

CVE-2024-33153 affects J2EEFAST v2.7.0. A SQL injection vulnerability exists in the commentList() function via the sql_filter parameter due to lack of validation against externally entered SQL statements. Impact described in sources is high (confidentiality, integrity, and availability affected) ...

9.8CVSS8.2AI score0.00557EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/07 12:0 a.m.61 views

CVE-2024-33146

CVE-2024-33146 affects J2EEFAST v2.7.0. A SQL injection flaw exists in the export function via the sql_filter parameter, enabling manipulation of SQL statements and potential data exposure. The CVSS v3.1 base score is 9.1 (CRITICAL) with network access, no user interaction, and no privileges requ...

9.1CVSS8.2AI score0.0052EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/07 12:0 a.m.60 views

CVE-2024-33148

CVE-2024-33148 : Concrete details from connected docs show a SQL injection in J2EEFAST v2.7.0 via the sql_filter parameter in the list function. Root cause, per CNVD/NVD/Red Hat/CVE records, is improper validation of external input in that function. Reported impact is SQL data exposure/alteration...

7.3CVSS8.2AI score0.0037EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.14 views

CVE-2024-33146

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the export function...

8.1AI score0.0052EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.18 views

CVE-2024-33161

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the unallocatedList function...

8.1AI score0.00244EPSS
Exploits0References1
CVE
CVE
added 2024/05/07 12:0 a.m.61 views

CVE-2024-33147

CVE-2024-33147 affects the J2EEFAST project, specifically version 2.7.0, with a SQL injection vulnerability in the authRoleList function exposed via the sql_filter parameter. The root cause is lack of input validation for external SQL statements in that function, enabling attackers to execute arb...

8.8CVSS8.2AI score0.00547EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.23 views

CVE-2024-33164

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authUserList function...

8.1AI score0.00569EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.7 views

PT-2024-25127 · J2Eefast · J2Eefast

Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the findpage function. This allows for potential exploitation. No information is provided about the estimated number of potentially...

7.5CVSS8.1AI score0.00514EPSS
Exploits0References4
CVE
CVE
added 2024/05/07 12:0 a.m.67 views

CVE-2024-33144

CVE-2024-33144 affects J2EEFAST v2.7.0. The vulnerability is a SQL injection in the sql_filter parameter of the findApplyedTasksPage function in BpmTaskMapper.xml. The underlying issue is lack of validation of external input in that parameter, enabling an attacker to craft SQL statements that cou...

8.8CVSS8.2AI score0.00536EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/07 12:0 a.m.66 views

CVE-2024-33149

CVE-2024-33149 affects J2EEFAST v2.7.0, where a SQL injection vulnerability exists in the myProcessList function via the sql_filter parameter. Root cause described in CNVD-2024-33145 as lack of validation of externally provided SQL statements, enabling execution of arbitrary SQL commands and pote...

8.1CVSS8.2AI score0.00483EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.23 views

CVE-2024-33153

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the commentList function...

8.1AI score0.00557EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/07 12:0 a.m.16 views

CVE-2024-33139

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findpage function...

8.3AI score0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.20 views

CVE-2024-33139

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findpage function...

8.1AI score0.00514EPSS
Exploits0References1
NVD
NVD
added 2023/05/02 2:15 p.m.27 views

CVE-2023-2476

A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...

5.4CVSS4.2AI score0.00522EPSS
Exploits1References4
Rows per page
Query Builder