Int-Ux

**Name of the Vulnerable Software and Affected Versions** JEEWMS version 20250820 **Description** The software is susceptible to a SQL Injection issue within the `exportXls` function. This function is located in the file src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java. The issue allows for potential manipulation of database queries through crafted input. **Recommendations** Apply a fix to the `exportXls` function in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file to prevent SQL Injection.

**Name of the Vulnerable Software and Affected Versions** xckk version 9.6 **Description** The software contains a SQL injection issue due to insufficient filtering of the `orderBy` parameter within the `/user/list` API endpoint. This allows for potential manipulation of database queries. **Recommendations** Apply secure filtering to the `orderBy` parameter in the `/user/list` API endpoint.

**Name of the Vulnerable Software and Affected Versions** xckk version 9.6 **Description** The software contains a SQL injection issue due to insufficient filtering of the `cond` parameter within the ''/notice/list'' API endpoint. This allows for potential unauthorized database access or modification. **Recommendations** Apply secure filtering techniques to the `cond` parameter in the ''/notice/list'' API endpoint.