CVE-2024-43028 Jeecg — Exploit & Vulnerability Details CRITICAL

CVE-2024-43028

CRITICAL CVSS 3.1: 9.8 EPSS 0.78%

Parameter	Value
CVSS	9.8 (CRITICAL)
Affected Versions	3.0 — 3.5.3
Type	CWE-77 (Command Injection)
Vendor	Jeecg
Public PoC	No

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-77 Command Injection

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Jeecg Jeecg_Boot cpe:2.3:a:jeecg:jeecg_boot::::::::	`3.0`	`<= 3.5.3`

References 2

https://gist.github.com/aqyoung/e3b7ba5d8b8261df7d09931dbe779b3b

cve@mitre.org

https://pan.baidu.com/s/1h2RGEvxuvsKtsn2-TlFlmA?pwd=gf5r

cve@mitre.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2024-40489

There

9.8

CVE-2025-66913

Jeecg

9.8

CVE-2025-15126

Jeecg

2.3

CVE-2025-15125

Jeecg

2.3

CVE-2025-15124

Jeecg

2.3

Menu

CVE-2024-43028

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 2

Related Vulnerabilities

CVE-2024-40489

CVE-2025-66913

CVE-2025-15126

CVE-2025-15125

CVE-2025-15124

CVE Details

Editor's Choice

Menu

CVE-2024-43028

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 2

Related Vulnerabilities

CVE-2024-40489

CVE-2025-66913

CVE-2025-15126

CVE-2025-15125

CVE-2025-15124

CVE Details

Editor's Choice

Stay informed on cybersecurity