Jeewms
CVE-2024-27764
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.
AnalysisAI
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. Affected products include: Jeewms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information vi
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. Rated medium severity (CVSS 6.9), this v
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute a
Jeewms 3.7 contains a server-side request forgery vulnerability in the UEditor plugin's getRemoteImage.jsp file, where t
Code injection in erzhongxmu JeeWMS via the JimuReport test-connection endpoint (/base-boot/jmreport/testConnection) all
Unauthenticated remote access to the Spring Boot Actuator endpoint in erzhongxmu JeeWMS exposes sensitive application in
A vulnerability was found in erzhongxmu Jeewms up to 20241108. Rated medium severity (CVSS 5.3), this vulnerability is r
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical.html o
JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 paramet
Reflected cross-site scripting in Jeewms up to version 3.7 exists in the UEditor component's getContent.jsp file through
A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information
Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API. Rated critical sever
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today