CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-1010201

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0800%
EPSS Percentile33.64th
Published2019年7月23日
Last Modified2024年11月21日

Vulnerability Description

Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The attack vector is: network connectivity,authenticated. The fixed version is: 4.0 and later.

Affected Platforms (CPE)

📦
Jeesite

Jeesite

= 1.2.7

References & Advisories

🔗 https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/dao/ActDao.java
🔗 https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/dao/ActDao.java

関連する脆弱性情報

CVE-2020-192299.8

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization v...

CVE-2019-10102026.5

Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: conver...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...