CRITICAL🇵🇱 Wersja polska

CVE-2024-53499

CVSS 9.8v3.1pub. 2025-08-22upd. 2025-09-09

Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API.

🤖 AI Analysis
How it works

An attacker can submit a crafted HTTP request to the CgReportController API endpoint by injecting malicious SQL code. The lack of proper validation or parameterization of input data causes the injected code to be directly interpreted by the database engine. The attack does not require having an account in the system or user interaction, and it can be carried out remotely over the network.

Impact

An attacker can gain unauthorized access to sensitive data stored in the database, modify or delete data, and depending on the database server configuration—potentially take control of the system. The vulnerability threatens the confidentiality, integrity, and availability of the system.

Mitigation & patch

Patches available from the vendor should be applied according to the references. As a temporary measure, it is recommended to restrict network access to the CgReportController API interface and monitor logs for suspicious SQL queries.

Who is affected

Jeewms v3.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jeewms

    APP
    Jeewms
    3.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-50901CRITICAL9.8PL ✓ten sam produkt

JeeWMS — pominięcie uwierzytelnienia umożliwiające odczyt plików

CVE-2024-27764CRITICAL9.8PL ✓ten sam produkt

Eskalacja uprawnień przez path traversal w Jeewms (AuthInterceptor)

CVE-2024-57757HIGH7.5ten sam produkt

JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInt...

CVE-2024-27765HIGH7.5ten sam produkt

Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive info...

CVE-2026-3026MEDIUM5.5ten sam produkt

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality ...