Guojusoft: Security Vulnerabilities
JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-22
SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-02-07
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload".
CVSS Score
9.8
EPSS Score
0.106
Published
2021-05-03