CVE-2025-60269

Critical CVSS: 9.4

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file.

Vendor

Huayi-tec

Product

Jeewms

CWE

CWE-89

Yayın Tarihi

2025-10-10 17:15:38

Güncelleme

2025-10-16 15:40:08

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Jeewms CRITICAL Huayi-tec 2025

Referanslar

https://gitee.com/erzhongxmu/JEEWMS https://github.com/int-ux/report/issues/5

Benzer Kayıtlar

Medium

CVE-2026-3028

A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file…

Medium

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 paramet…

Medium

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the sa…

Medium

CVE-2025-55834

A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information…

Medium

CVE-2025-5389

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is th…

Medium

CVE-2025-5390

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedea…