CVE-2026-11457

HIGH 7.3

erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

15th

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-74 CWE-707
Vendor	erzhongxmu
Product	jeewms
Published	Jun 7, 2026
Last Updated	Jun 9, 2026

Stay Ahead of the Next One

Get instant alerts for erzhongxmu jeewms

Be the first to know when new high vulnerabilities affecting erzhongxmu jeewms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

erzhongxmu / JeeWMS

141740afb2ba14d441c82a833d0a418d07ca2d69

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/369076 vuldb.com: https://vuldb.com/vuln/369076/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11457 vuldb.com: https://vuldb.com/submit/828509 github.com: https://github.com/0d000721999/evc1/issues/1

Credits

🔍 0d00 (VulDB User) VulDB CNA Team