李响

**Name of the Vulnerable Software and Affected Versions** JeeWMS up to 20250504 **Description** A critical issue has been discovered, affecting the `dogenerate` function of the `/generateController.do?dogenerate` file in the File Handler component. This leads to improper access controls, allowing remote attacks. The product uses a rolling release model for continuous delivery, so specific version details for affected or updated releases are not available. **Recommendations** For JeeWMS up to 20250504, consider disabling the `dogenerate` function of the `/generateController.do?dogenerate` file as a temporary workaround until a fix is available. Restrict access to the File Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JeeWMS up to 20250504 **Description** A critical vulnerability was found in JeeWMS, affecting the `dogenerate` function of the file "/generateController.do?dogenerate". This vulnerability leads to SQL injection and can be launched remotely. **Recommendations** For JeeWMS up to 20250504, as a temporary workaround, consider disabling the `dogenerate` function of the "/generateController.do?dogenerate" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.