Jeecg

By the Year

In 2026 there have been 1 vulnerability in Jeecg with an average score of 9.8 out of ten. Jeecg did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.

Recent Jeecg Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2024-43028	Apr 01, 2026	Command Injection in jeecg boot /jmreport/show (v3.0.0-v3.5.3) A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.	Jeecg Boot
CVE-2024-48307	Oct 31, 2024	JeecgBoot v3.7.1 SQLi via /onlDragDatasetHead/getTotalData JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.	Jeecg Boot
CVE-2023-49442	Jan 03, 2024	Deserialization of Untrusted Data in JEECG jeecgFormDemoController before 4.0 Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.	Jeecg
CVE-2023-41544	Dec 30, 2023	SSTI Injection in jeecg-boot 3.5.3 /jmreport/loadTableData SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.	Jeecg Boot
CVE-2023-41542	Dec 30, 2023	SQL Injection in jeecg-boot 3.5.3 jmreport/qurestSql Remote Escalation SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.	Jeecg Boot
CVE-2023-41543	Dec 30, 2023	jeecg-boot v3.5.3 SQLi in /sys/replicate/check allows privilege escalation SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.	Jeecg Boot
CVE-2023-6307	Nov 27, 2023	Critical RelPath Traversal in JimuReport <=1.6.1 A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	Jimureport
CVE-2023-47467	Nov 22, 2023	Directory Traversal in jeecg-boot 3.6.0 allows remote info leak Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.	Jeecg Boot
CVE-2023-40989	Sep 22, 2023	jeecg-boot v3.0/3.5.3-Remote SQLi at /jmreport/queryFieldBySql(CVE-2023-40989) SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.	Jeecg Boot
CVE-2023-42268	Sep 08, 2023	Jeecg-boot <3.5.4 SQL Injection via /jeecg-boot/jmreport/show Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.	Jeecg Boot