Lucene search
HistorySep 09, 2022 - 2:15 p.m.
CVE-2022-38284
jfinal cms
sql injection
cve-2022-38284
nvd
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
37.7%
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.
Affected configurations
Node
jflyfoxjfinal_cmsMatch5.1.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| jflyfox:jfinal_cms | jflyfox jfinal cms | eq | 5.1.0 |
References
Social References
More
Related
prion
prion
Sql injection
2022-09-09 14:15:00
osv
osv
CVE-2022-38284
2022-09-09 14:15:09
cvelist
cvelist
CVE-2022-38284
2022-09-09 13:40:50
nvd
nvd
CVE-2022-38284
2022-09-09 14:15:09
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
37.7%
Related for CVE-2022-38284