Skip to main content

J2Eefast

21 CVEs product

Monthly

CVE-2024-45944 CRITICAL POC Act Now

In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-35091 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-35090 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-35086 CRITICAL POC Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35085 MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-35084 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-35083 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35082 MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-33164 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33161 MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-33155 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33153 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33149 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-33148 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-33147 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33146 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33144 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33139 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2476 MEDIUM POC This Month

A vulnerability was found in Dromara J2eeFAST up to 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS J2Eefast
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2475 MEDIUM POC This Month

A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS J2Eefast
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-28890 CRITICAL POC Act Now

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2Eefast
NVD
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE J2Eefast
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability was found in Dromara J2eeFAST up to 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS J2Eefast
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS J2Eefast
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2Eefast
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy