int-ux/report

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-60268 ↗	Oct 10, 2025Friday, 10 October 2025, 18:15	6.5 MEDIUM	—
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution.
CVE-2025-60269 ↗	Oct 10, 2025Friday, 10 October 2025, 17:15	9.4 CRITICAL	—
JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file.
CVE-2025-60267 ↗	Oct 9, 2025Thursday, 9 October 2025, 18:15	6.5 MEDIUM	—
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability.
CVE-2025-60266 ↗	Oct 9, 2025Thursday, 9 October 2025, 17:16	6.5 MEDIUM	—
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability.
CVE-2025-60265 ↗	Oct 9, 2025Thursday, 9 October 2025, 16:15	6.5 MEDIUM	—
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability.