Jfinal CMS is a powerful information consulting website developed in java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.0.1 has a command injection vulnerability, which originates from com. jflyfox.component.controller.Ueditor fails to properly filter the construct command special characters, commands, etc. An attacker could exploit this vulnerability to cause arbitrary command execution.
CPE | Name | Operator | Version |
---|---|---|---|
jfinal cms jfinal cms | eq | 5.0.1 |