13 matches found
JeeWMS Security Vulnerability
JeeWMS is a Java-based warehouse management system developed by JeeWMS Corporation in China. Version 1.0 of JEEWMS has a security vulnerability, which stems from the id1 and id2 parameters in the /systemControl.do interface being vulnerable to SQL injection attacks...
CVE-2025-70311
JEEWMS 1.0 is vulnerable to SQL Injection. The vulnerability is triggered by providing crafted values in the id1 and id2 parameters to the /systemControl.do interface, enabling attackers to inject malicious SQL statements. Root cause details are not elaborated in the available documents. Impact s...
EUVD-2025-33761
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...
CVE-2025-60269
JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file...
CVE-2025-55834
A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component...
JeeWMS Cross-Site Scripting Vulnerability
JeeWMS is a Java-based warehouse management system. A cross-site scripting vulnerability exists in JeeWMS 3.7 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the logController.do component, and can be exploited by an attacker to disclo...
CVE-2025-5389
A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack...
JeeWMS Injection Vulnerability
JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20250504 and earlier versions, which stems from SQL injection in the transEditor function of the file /cgformTransController.do?transEditor...
CVE-2025-29213
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2024-57760
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java...
PT-2025-3555 · Jeewms · Jeewms
Name of the Vulnerable Software and Affected Versions: JeeWMS versions prior to 2025.01.01
Description: The issue is related to an arbitrary file upload vulnerability in the parserXML method. This allows attackers to execute arbitrary code via uploading a crafted file. There is no information...
JeeWMS Injection Vulnerability
JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20241229 and earlier versions, which stems from SQL injection in the saveOrUpdate function...