Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front end. an improper access control vulnerability exists in Jfinal CMS 4.7.1 and earlier versions. An attacker can use the getFolder() function in /modules/filemanager/FileManager.java to obtain sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
jfinal cms jfinal cms | le | 4.7.1 |