| Title | jeecgboot jimureport ≤ v2.1.2 Deserialization |
|---|---|
| Description | In jimureport ≤ v2.1.2, the MySQL JDBC deserialization vulnerability arises because user-controlled JDBC connection parameters are not properly filtered. An attacker can craft a malicious URL to exploit this flaw, resulting in arbitrary file read. |
| Source | https://github.com/jeecgboot/jimureport/issues/4116 |
| User | ez-lbz (UID 87033) |
| Submission | 09/07/2025 05:04 (5 months ago) |
| Moderation | 09/21/2025 10:19 (14 days later) |
| Status | Accepted |
| VulDB entry | 325126 [jeecgboot JimuReport up to 2.1.2 MySQL JDBC testConnection deserialization] |
| Points | 16 |