This advisory has been withdrawn because it is a duplicate of GHSA-8qhm-ch8h-xgjr. This link is maintained to preserve external references.
Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.
CPE | Name | Operator | Version |
---|---|---|---|
com.jflyfox:jflyfox_jfinal | le | 5.1.0 |