9 matches found
Arbitrary File Upload
jeecg-boot-base-core is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate uploaded files, allowing an attacker to upload maliciously crafted files through the /jeecg-boot/jmreport/upload endpoint...
SQL Injection
jeecg-boot-base-core is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in the building block report component, allowing an authenticated attacker to inject and execute malicious SQL queries, leading to Sensitive Information Disclosure...
Privilege Escalation
jeecg-boot-base-core is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of permission checks in the library, which allows an attacker to gain escalated privileges, view sensitive information such as email and phone, and enumerate usernames via API URI:...
Privilege Escalation
jeecg-boot-base-core is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of permission checks in the library, which allows an attacker to gain escalated privilege, view sensitive information such as email and phone, and enumerate usernames via API URI:...
Privilege Escalation
jeecg-boot-base-core is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of library permission checks, allowing an attacker to gain escalated privilege and view sensitive information via the HTTP trace interface...
SQL Injection
jeecg-boot-base-core is vulnerable to SQL Injection. The vulnerability exists because the library does not properly escape special characters, allowing an attacker to inject and execute malicious SQL queries...
SQL Injection
jeecg-boot-base-core is vulnerable to SQL injection. The vulnerability exists because the filterContent function of SqlInjectionUtil.java does not properly replace the value parameter, allowing an attacker to inject and execute malicious SQL queries...
Arbitrary File Upload
jeecg-boot-base-core is vulnerable to arbitrary file upload. The vulnerability exists due to the lack of file type checks in the fileTypeFilter function of FileTypeFilter.java, allowing an attacker to upload malicious files through the file /api/. path...
Cross-site Scripting (XSS)
org.jeecgframework.boot:jeecg-boot-base-core is vulnerable to cross-site scripting. The vulnerability exists in jeecg-boot/jmreport/view with a mouseover event, allowing an attacker to inject and execute malicious JavaScript...