177 matches found
PT-2024-25131 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the authRoleList function. This allows for potential exploitation. No information is provided about the estimated number of affected...
CVE-2024-33161
CVE-2024-33161 affects J2EEFAST v2.7.0, with a SQL injection vulnerability exposed through the sql_filter parameter in the unallocatedList() function. The issue enables potential unauthorized SQL execution and data exposure, as indicated by the CVE description and Red Hat/CNVD entries. The CVSS 3...
CVE-2024-33144
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml...
CVE-2024-33147
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authRoleList function...
CVE-2024-33164
CVE-2024-33164 affects J2EEFAST v2.7.0. A SQL injection in authUserList() via the sql_filter parameter is reported, with CVSS 3.1 base score 9.8 (CRITICAL). Impact: potentially arbitrary SQL execution and data leakage; network access, no user interaction required. Some sources note mitigations su...
J2eeFAST 安全漏洞
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2eeFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from the export function of the sqlfilte...
CVE-2024-33153
CVE-2024-33153 affects J2EEFAST v2.7.0. A SQL injection vulnerability exists in the commentList() function via the sql_filter parameter due to lack of validation against externally entered SQL statements. Impact described in sources is high (confidentiality, integrity, and availability affected) ...
CVE-2024-33146
CVE-2024-33146 affects J2EEFAST v2.7.0. A SQL injection flaw exists in the export function via the sql_filter parameter, enabling manipulation of SQL statements and potential data exposure. The CVSS v3.1 base score is 9.1 (CRITICAL) with network access, no user interaction, and no privileges requ...
CVE-2024-33148
CVE-2024-33148 : Concrete details from connected docs show a SQL injection in J2EEFAST v2.7.0 via the sql_filter parameter in the list function. Root cause, per CNVD/NVD/Red Hat/CVE records, is improper validation of external input in that function. Reported impact is SQL data exposure/alteration...
CVE-2024-33146
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the export function...
CVE-2024-33161
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the unallocatedList function...
CVE-2024-33147
CVE-2024-33147 affects the J2EEFAST project, specifically version 2.7.0, with a SQL injection vulnerability in the authRoleList function exposed via the sql_filter parameter. The root cause is lack of input validation for external SQL statements in that function, enabling attackers to execute arb...
CVE-2024-33164
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authUserList function...
PT-2024-25127 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the findpage function. This allows for potential exploitation. No information is provided about the estimated number of potentially...
CVE-2024-33144
CVE-2024-33144 affects J2EEFAST v2.7.0. The vulnerability is a SQL injection in the sql_filter parameter of the findApplyedTasksPage function in BpmTaskMapper.xml. The underlying issue is lack of validation of external input in that parameter, enabling an attacker to craft SQL statements that cou...
CVE-2024-33149
CVE-2024-33149 affects J2EEFAST v2.7.0, where a SQL injection vulnerability exists in the myProcessList function via the sql_filter parameter. Root cause described in CNVD-2024-33145 as lack of validation of externally provided SQL statements, enabling execution of arbitrary SQL commands and pote...
CVE-2024-33153
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the commentList function...
CVE-2024-33139
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findpage function...
CVE-2024-33139
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findpage function...
CVE-2023-2476
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The...