Lucene search
+L
JoeyblingBootplus

9 matches found

CVE
CVE
added 2025/01/24 7:31 p.m.63 views

CVE-2025-0706

CVE-2025-0706 affects JoeyBling bootplus, with the vulnerability located in the file /admin/sys/admin.html. The issue allows cross-site scripting via manipulation of that HTML functionality, and it may be exploited remotely. Public exploitation is noted, and there are no publicly documented fixed...

5.4CVSS3.5AI score0.00283EPSS
CVE
CVE
added 2025/01/24 6:31 p.m.61 views

CVE-2025-0704

Summary of CVE-2025-0704 (JoeyBling bootplus) A vulnerability in the qrCode function of QrCodeController.java (bootplus) allows manipulation of the w/h arguments, leading to resource consumption and potential remote exploitation. The issue affects JoeyBling bootplus up to commit 247d5f6c209be1a5c...

6.9CVSS5.4AI score0.0067EPSS
CVE
CVE
added 2025/01/24 6:31 p.m.56 views

CVE-2025-0703

CVE-2025-0703 affects JoeyBling bootplus; path traversal is triggered by manipulating the name argument in SysFileController.java. The issue can be exploited remotely and the exploit has been disclosed publicly. The product reportedly does not use versioning, so public details about affected vs. ...

5.3CVSS4.7AI score0.00534EPSS
CVE
CVE
added 2025/01/24 7:0 p.m.56 views

CVE-2025-0705

CVE-2025-0705 affects JoeyBling bootplus: the qrCode function in src/main/java/io/github/controller/QrCodeController.java allows an open redirect via manipulation of the text argument. Descriptions across sources confirm remote attack feasibility with public exploitation details; version details ...

6.9CVSS4.8AI score0.00369EPSS
CVE
CVE
added 2025/01/24 3:31 p.m.52 views

CVE-2025-0699

The CVE-2025-0699 entry concerns JoeyBling bootplus (up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d). The vulnerability is located in the /admin/sys/role/list endpoint where the sort parameter can be manipulated to perform SQL injection. It is described as remotely exploitable and critical, with ...

8.8CVSS7.1AI score0.00408EPSS
Web
CVE
CVE
added 2025/01/24 5:0 p.m.51 views

CVE-2025-0701

The CVE-2025-0701 entry concerns JoeyBling bootplus, where the vulnerability resides in the /admin/sys/user/list path. The root cause is manipulation of the sort parameter, enabling SQL injection with remote exploit viability. Multiple connected sources corroborate that affected versions include ...

8.8CVSS7.7AI score0.0038EPSS
Web
CVE
CVE
added 2025/01/24 3:31 p.m.50 views

CVE-2025-0698

CVE-2025-0698 affects JoeyBling bootplus, with a SQL injection in the internal endpoint /admin/sys/menu/list caused by manipulating the sort/order parameter. The vulnerability is exploitable remotely and has publicly disclosed exploits. Affected is an unknown function within the file; no version ...

8.8CVSS7.3AI score0.00408EPSS
Web
CVE
CVE
added 2025/01/24 5:0 p.m.48 views

CVE-2025-0700

CVE-2025-0700 affects JoeyBling bootplus. The vulnerability is in the file /admin/sys/log/list where manipulating the logId argument leads to a SQL injection. It can be exploited remotely. Multiple connected sources describe a rolling-release project with no disclosed version details for affected...

8.8CVSS7.5AI score0.0038EPSS
Web
CVE
CVE
added 2025/01/24 6:0 p.m.45 views

CVE-2025-0702

CVE-2025-0702 affects JoeyBling bootplus, with the issue located in the SysFileController.java handling the portraitFile parameter. The vulnerability enables unrestricted file uploads due to the manipulation of portraitFile and can be exploited remotely; the exploit has been disclosed publicly. N...

8.8CVSS7.1AI score0.00647EPSS