JFinal CMS is a powerful information consulting website developed in Java, using the JFinal web framework, the Beetl template engine, a MySQL database, and the Bootstrap front-end framework. JFinal CMS 4.7.1 and earlier versions are affected by an improper access control vulnerability. An attacker can use the FileManager.rename() function in modules/filemanager/FileManagerController.java to exploit the vulnerability and obtain sensitive information and/or execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
jfinal cms | jfinal cms | le | 4.7.1 |