Every CVE whose affected-product data names Jeecg Jeecg Boot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (57)
CVE-2023-41542 — CVSS 9.8 (critical): SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information…
CVE-2023-41544 — CVSS 9.8 (critical): SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the…
CVE-2023-34659 — CVSS 9.8 (critical): jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
CVE-2024-43028 — CVSS 9.8 (critical): A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code…
CVE-2023-38992 — CVSS 9.8 (critical): jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.
CVE-2023-40989 — CVSS 9.8 (critical): SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted…
CVE-2023-41543 — CVSS 9.8 (critical): SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the…
CVE-2023-42268 — CVSS 9.8 (critical): Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
CVE-2024-40489 — CVSS 9.8 (critical): There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute…
CVE-2022-45206 — CVSS 9.8 (critical): Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.
CVE-2022-45207 — CVSS 9.8 (critical): Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.
CVE-2024-48307 — CVSS 9.8 (critical): JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
CVE-2021-46089 — CVSS 9.8 (critical): In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
CVE-2022-47105 — CVSS 9.8 (critical): Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVE-2022-22880 — CVSS 9.8 (critical): Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
CVE-2022-22881 — CVSS 9.8 (critical): Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
CVE-2020-28088 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
CVE-2023-41578 — CVSS 7.5 (high): Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
CVE-2020-28087 — CVSS 7.5 (high): A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database…
CVE-2022-2647 — CVSS 7.3 (high): A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The…
CVE-2023-47467 — CVSS 6.5 (medium): Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file…
CVE-2023-34660 — CVSS 6.5 (medium): jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
CVE-2025-10707 — CVSS 6.3 (medium): A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg…
CVE-2025-14908 — CVSS 6.3 (medium): A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file…
CVE-2026-2945 — CVSS 6.3 (medium): A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file…
CVE-2026-2822 — CVSS 6.3 (medium): A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file…
CVE-2023-1454 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The…
CVE-2026-1746 — CVSS 6.3 (medium): A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyw…
CVE-2025-61189 — CVSS 6.3 (medium): Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This…
CVE-2025-61188 — CVSS 6.3 (medium): Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files…
CVE-2025-10318 — CVSS 6.3 (medium): A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file…
CVE-2021-44585 — CVSS 6.1 (medium): A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
CVE-2023-38905 — CVSS 5.5 (medium): SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark…
CVE-2022-45205 — CVSS 5.3 (medium): Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVE-2023-1784 — CVSS 5.3 (medium): A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API…
CVE-2026-2555 — CVSS 5.0 (medium): A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file…
CVE-2025-10979 — CVSS 4.3 (medium): A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This…
CVE-2025-10980 — CVSS 4.3 (medium): A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls…
CVE-2025-10981 — CVSS 4.3 (medium): A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing…
CVE-2025-14909 — CVSS 4.3 (medium): A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file…
CVE-2025-10978 — CVSS 4.3 (medium): A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls…
CVE-2025-10319 — CVSS 4.3 (medium): A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file…
CVE-2023-1741 — CVSS 4.3 (medium): A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown…
CVE-2026-2111 — CVSS 4.3 (medium): A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file…
CVE-2022-45210 — CVSS 4.3 (medium): Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.
CVE-2022-45208 — CVSS 4.3 (medium): Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.
CVE-2025-15123 — CVSS 3.1 (low): A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/…
CVE-2025-15125 — CVSS 3.1 (low): A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file…
CVE-2025-15126 — CVSS 3.1 (low): A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file…
CVE-2025-15122 — CVSS 3.1 (low): A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarul…
CVE-2025-15124 — CVSS 3.1 (low): A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list…
CVE-2025-10976 — CVSS 3.1 (low): A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList…
CVE-2025-10977 — CVSS 3.1 (low): A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The…
CVE-2025-15119 — CVSS 3.1 (low): A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list…
CVE-2025-15120 — CVSS 3.1 (low): A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList…
CVE-2025-4533 — CVSS 2.7 (low): A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file…
CVE-2025-15121 — CVSS 2.4 (low): A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file…