Ib2Xzgerzhongxmu

**Name of the Vulnerable Software and Affected Versions** erzhongxmu Jeewms up to 20241108 **Description** A critical issue affects the processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument `begin date` leads to sql injection. The attack may be initiated remotely. Other parameters might be affected as well. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `cgReportController.do` file or the `AuthInterceptor` component to minimize the risk of exploitation. Avoid using the parameter `begin date` in the affected file until the issue is resolved.