CVE-2024-43028

CVE-2024-43028: A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to exe

Description

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.

Affected Products

Vendor	Product	Versions
—	n/a	n/a, 3.5.3

References

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2024-43028 | JeecgBoot up to 3.5.3 HTTP /jmreport/show command injection

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-77

PublishedApr 1, 2026

Last enriched26m agov2

Trending Score44

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: affectedVersions

Apr 1, 2026

Version History

Last enriched 26m ago

v2Tier C1h ago

Updated vendor to Jeecg, product to JeecgBoot, specified affected version as 3.5.3, and corrected exploit availability to false.

affectedVersions

via VulDB

v12h ago

Initial creation