Description
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
References (1)
Core 1
Core References
Scores
CVSS v3
6.5
EPSS
0.0009
EPSS Percentile
25.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-434
Status
published
Products (3)
jeecg/jeecg_boot
3.5.0
jeecg/jeecg_boot
3.5.1
org.jeecgframework.boot/jeecg-boot-parent
0Maven
Published
Jun 16, 2023
Tracked Since
Feb 18, 2026