JeecgBoot 漏洞列表

Jeecgboot 存在命令执行漏洞， 攻击者可以执行任意命令以获取服务器敏感信息以及权限。

JeecgBoot system passwordChange interface has an unauthorized password reset vulnerability. An unauthenticated attacker can reset administrator account password by sending a crafted request. FOFA: body="/sys/common/pdf/pdfPreviewIframe"

JeecgBoot框架passwordChange接口存在任意用户密码重置漏洞，未经身份验证的远程攻击者可以利用此漏洞重置管理员账户密码，从而接管系统后台，造成信息泄露，导致系统处于极不安全的状态。 fofa: body="/sys/common/pdf/pdfPreviewIframe"

Jeecg-Boot 后台服务API接口文档

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.