CNNVD-202507-2368 Information

CNNVD ID

CNNVD-202507-2368

Related CVE

CVE-2025-7759

• CNNVD Published: 2025-07-17

Description (Chinese)

Thinkgem JeeSite是中国卓源（Thinkgem）公司的一套开源的Java EE企业级快速开发平台。该平台包括系统权限组件、数据权限组件、数据字典组件、核心工具组件、视图操作组件、工作流组件和代码生成组件等。 Thinkgem JeeSite 5.12.0及之前版本存在代码问题漏洞，该漏洞源于文件ActionEnter.java中参数Source处理不当，导致服务端请求伪造。

Description (English)

Thinkgem JeeSite is an open-source version of the Java EE enterprise-level rapid development platform of Thinkgem, China. The platform includes the system rights component, the data rights component, the data dictionary component, the core tool component, the view operation component, the workflow component and the code generation component. Thinkgem JeeSite 5.12.0 and previous versions had a code gap, which stemmed from the inappropriate handling of the argument Source in ActionEnter.java, which led to the forgery of service requests.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

卓源

Published

2025-07-17

Last Modified

2026-02-24

References

https://github.com/thinkgem/jeesite5/commit/1c5e49b0818037452148e0f8ff69ed04cb8fefdc https://github.com/thinkgem/jeesite5/issues/27 https://vuldb.com/?id.316749 https://vuldb.com/?submit.615769 https://vuldb.com/?ctiid.316749 https://github.com/MentalityXt/jeesite_ssrf/tree/main https://access.redhat.com/security/cve/cve-2025-7759