Description

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.

Remediation

References

https://github.com/jeecgboot/jeecg-boot/issues/4990

Related Vulnerabilities

CVE-2021-23760 Vulnerability in npm package keyget

CVE-2019-9827 Vulnerability in maven package io.hawt:hawtio-system

CVE-2021-23358 Vulnerability in npm package underscore

CVE-2023-30547 Vulnerability in npm package vm2

CVE-2021-23359 Vulnerability in npm package port-killer

Severity

High

Classification

CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Exploit