CVE-2026-2945 | JeecgBoot 3.9.0 uploadImgByHttp fileUrl server-side request forgery

A vulnerability, which was classified as critical, was found in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery.

The identification of this vulnerability is CVE-2026-2945. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2945 | JeecgBoot 3.9.0 uploadImgByHttp fileUrl server-side request forgery

Post correlati

CVE-2024-45717 | SolarWinds Platform up to 2024.4 Search/Node Information Section cross site scripting

CVE-2025-41028 | Grupo Castilla Epsilon RH 3.03.36.010 POST Request WSAvisos.asmx sEstadoUsr sql injection

CVE-2021-46971 | Linux Kernel up to 5.4.116/5.10.34/5.11.18/5.12.1 perf security_locked_down access control

CVE-2024-12845 | Emlog Pro up to 2.4.1 /include/lib/common.php msg cross site scripting