deerwms

8 exploits Active since Jul 2025
CVE-2025-8163 GITEE MEDIUM java
deer-wms-2 < 3.3 - SQL Injection via params[dataScope]
A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
1,418 stars
CVSS 6.3
CVE-2025-8162 GITEE MEDIUM java
deer-wms-2 < 3.3 - SQL Injection via params[dataScope]
A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list. The manipulation of the argument params[dataScope] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
1,418 stars
CVSS 6.3
CVE-2025-8161 GITEE MEDIUM java
deer-wms-2 < 3.3 - SQL Injection via /system/role/export params[dataScope]
A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown functionality of the file /system/role/export. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
1,418 stars
CVSS 6.3
CVE-2025-8127 GITEE MEDIUM java
deer-wms-2 < 3.3 - SQL Injection via params[dataScope]
A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the file /system/user/list. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
1,418 stars
CVSS 6.3
CVE-2025-8126 GITEE MEDIUM java
deer-wms-2 < 3.3 - SQL Injection via params[dataScope]
A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
1,418 stars
CVSS 6.3
CVE-2025-8125 GITEE MEDIUM java
deer-wms-2 < 3.3 - SQL Injection via params[dataScope]
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/role/authUser/allocatedList. The manipulation of the argument params[dataScope] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
1,418 stars
CVSS 6.3
CVE-2025-8124 GITEE MEDIUM java
deer-wms-2 < 3.3 - SQL Injection via params[dataScope]
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/unallocatedList. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
1,418 stars
CVSS 6.3
CVE-2025-8123 GITEE MEDIUM java
deer-wms-2 < 3.3 - SQL Injection via /system/dept/edit Ancestors Parameter
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
1,418 stars
CVSS 6.3