In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.
CPE | Name | Operator | Version |
---|---|---|---|
jfinal | eq | jfinal-2.1 | |
jfinal | eq | jfinal-4.3 | |
jfinal | eq | jfinal-3.7 | |
jfinal | eq | jfinal-3.0 | |
jfinal | eq | jfinal-2.2 | |
jfinal | eq | jfinal-1.5 | |
jfinal | eq | jfinal-1.6 | |
jfinal | eq | jfinal-3.2 | |
jfinal | eq | jfinal-3.5 | |
jfinal | eq | jfinal-3.6 |