CVE-2025-60268

Medium CVSS: 6.5

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution.

Vendor

Huayi-tec

Product

Jeewms

CWE

CWE-77

Yayın Tarihi

2025-10-10 18:15:39

Güncelleme

2025-10-16 15:39:43

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Jeewms MEDIUM Huayi-tec 2025

Referanslar

https://gitee.com/erzhongxmu/JEEWMS https://github.com/int-ux/report/issues/4

Benzer Kayıtlar

Medium

CVE-2026-3028

A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file…

Medium

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 paramet…

Critical

CVE-2025-60269

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework…

Medium

CVE-2025-55834

A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information…

Medium

CVE-2025-5389

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is th…

Medium

CVE-2025-5390

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedea…