A command injection vulnerability has been identified in the /jmreport/show component of JeecgBoot framework versions 3.0.0 through 3.5.3. The vulnerability allows attackers to execute arbitrary code on affected systems through specially crafted HTTP requests. This represents a critical security flaw that could lead to complete system compromise. The affected versions span multiple releases of the popular Java-based development framework. Proof-of-concept exploits and technical details are publicly available, increasing the risk of active exploitation.