Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-79737
HistorySep 16, 2021 - 12:00 a.m.

Jfinal cms improper access control vulnerability

2021-09-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
jfinal cms
java
beetl
mysql
bootstrap
access control
vulnerability
filemanager
filemanagercontroller
information
denial of service
cnvd

EPSS

0.003

Percentile

70.5%

Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front-end. improper access control vulnerabilities exist in Jfinal CMS 4.7.1 and earlier versions. An attacker could use the FileManager.delete() function in modules/filemanager/FileManagerController.java to obtain sensitive information or cause a denial of service.

EPSS

0.003

Percentile

70.5%

Related for CNVD-2021-79737