CVE-2024-57761

High CVSS: 8.1

An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file.

Vendor

Huayi-tec

Product

Jeewms

CWE

CWE-434

Yayın Tarihi

2025-01-15 00:15:33

Güncelleme

2025-09-11 21:13:03

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Jeewms HIGH Huayi-tec 2025

Referanslar

https://gitee.com/erzhongxmu/JEEWMS/issues/IBFTZ7

Benzer Kayıtlar

Medium

CVE-2026-3028

A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file…

Medium

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 paramet…

Medium

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the sa…

Critical

CVE-2025-60269

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework…

Medium

CVE-2025-55834

A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information…

Medium

CVE-2025-5389

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is th…