CVE-2025-70311

Medium CVSS: 6.5

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack.

Vendor

Huayi-tec

Product

Jeewms

CWE

CWE-89

Yayın Tarihi

2026-02-03 18:16:17

Güncelleme

2026-02-18 16:24:07

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Jeewms MEDIUM Huayi-tec 2026

Referanslar

https://gitee.com/erzhongxmu/JEEWMS

Benzer Kayıtlar

Medium

CVE-2026-3028

A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file…

Medium

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the sa…

Critical

CVE-2025-60269

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework…

Medium

CVE-2025-55834

A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information…

Medium

CVE-2025-5389

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is th…

Medium

CVE-2025-5390

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedea…