9 matches found
CVE-2025-0706
CVE-2025-0706 affects JoeyBling bootplus, with the vulnerability located in the file /admin/sys/admin.html. The issue allows cross-site scripting via manipulation of that HTML functionality, and it may be exploited remotely. Public exploitation is noted, and there are no publicly documented fixed...
CVE-2025-0704
Summary of CVE-2025-0704 (JoeyBling bootplus) A vulnerability in the qrCode function of QrCodeController.java (bootplus) allows manipulation of the w/h arguments, leading to resource consumption and potential remote exploitation. The issue affects JoeyBling bootplus up to commit 247d5f6c209be1a5c...
CVE-2025-0703
CVE-2025-0703 affects JoeyBling bootplus; path traversal is triggered by manipulating the name argument in SysFileController.java. The issue can be exploited remotely and the exploit has been disclosed publicly. The product reportedly does not use versioning, so public details about affected vs. ...
CVE-2025-0705
CVE-2025-0705 affects JoeyBling bootplus: the qrCode function in src/main/java/io/github/controller/QrCodeController.java allows an open redirect via manipulation of the text argument. Descriptions across sources confirm remote attack feasibility with public exploitation details; version details ...
CVE-2025-0699
The CVE-2025-0699 entry concerns JoeyBling bootplus (up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d). The vulnerability is located in the /admin/sys/role/list endpoint where the sort parameter can be manipulated to perform SQL injection. It is described as remotely exploitable and critical, with ...
CVE-2025-0701
The CVE-2025-0701 entry concerns JoeyBling bootplus, where the vulnerability resides in the /admin/sys/user/list path. The root cause is manipulation of the sort parameter, enabling SQL injection with remote exploit viability. Multiple connected sources corroborate that affected versions include ...
CVE-2025-0698
CVE-2025-0698 affects JoeyBling bootplus, with a SQL injection in the internal endpoint /admin/sys/menu/list caused by manipulating the sort/order parameter. The vulnerability is exploitable remotely and has publicly disclosed exploits. Affected is an unknown function within the file; no version ...
CVE-2025-0700
CVE-2025-0700 affects JoeyBling bootplus. The vulnerability is in the file /admin/sys/log/list where manipulating the logId argument leads to a SQL injection. It can be exploited remotely. Multiple connected sources describe a rolling-release project with no disclosed version details for affected...
CVE-2025-0702
CVE-2025-0702 affects JoeyBling bootplus, with the issue located in the SysFileController.java handling the portraitFile parameter. The vulnerability enables unrestricted file uploads due to the manipulation of portraitFile and can be exploited remotely; the exploit has been disclosed publicly. N...