J2Eefast
Monthly
In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.