Lucene search
+L

593 matches found

nvd
nvd
added 2021/09/15 2:15 p.m.14 views

CVE-2020-19151

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...

8.8CVSS0.05031EPSS
Exploits1References1
osv
osv
added 2021/09/15 2:15 p.m.13 views

CVE-2020-19148

Cross Site Scripting XSS in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinalcms/front/person/profile.html'...

5.4CVSS6.8AI score
Exploits0References1
nvd
nvd
added 2021/09/15 2:15 p.m.21 views

CVE-2020-19155

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...

8.8CVSS0.07522EPSS
Exploits1References2
osv
osv
added 2021/09/15 2:15 p.m.15 views

CVE-2020-19155

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...

8.8CVSS7.6AI score
Exploits0References2
osv
osv
added 2021/09/15 2:15 p.m.12 views

CVE-2020-19150

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete' function in the component 'modules/filemanager/FileManagerController.java'...

8.1CVSS7AI score
Exploits0References1
osv
osv
added 2021/09/15 2:15 p.m.16 views

CVE-2020-19151

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...

8.8CVSS8.1AI score
Exploits0References1
nvd
nvd
added 2021/09/15 2:15 p.m.18 views

CVE-2020-19154

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...

6.5CVSS0.03876EPSS
Exploits1References1
nvd
nvd
added 2021/09/15 2:15 p.m.13 views

CVE-2020-19148

Cross Site Scripting XSS in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinalcms/front/person/profile.html'...

5.4CVSS0.01083EPSS
Exploits1References1
nvd
nvd
added 2021/09/15 2:15 p.m.76 views

CVE-2020-19150

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete' function in the component 'modules/filemanager/FileManagerController.java'...

8.1CVSS0.0349EPSS
Exploits1References1
osv
osv
added 2021/09/15 2:15 p.m.17 views

CVE-2020-19154

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...

6.5CVSS6.5AI score
Exploits0References1
nvd
nvd
added 2021/09/15 2:15 p.m.17 views

CVE-2020-19147

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder' function in the component '/modules/filemanager/FileManager.java'...

6.5CVSS0.01601EPSS
Exploits1References1
nvd
nvd
added 2021/09/15 2:15 p.m.14 views

CVE-2020-19146

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...

6.5CVSS0.01909EPSS
Exploits1References1
osv
osv
added 2021/09/15 2:15 p.m.14 views

CVE-2020-19147

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder' function in the component '/modules/filemanager/FileManager.java'...

6.5CVSS6.8AI score
Exploits0References1
osv
osv
added 2021/09/15 2:15 p.m.11 views

CVE-2020-19146

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...

6.5CVSS6.5AI score
Exploits0References1
prion
prion
added 2021/09/15 2:15 p.m.14 views

Cross site scripting

Cross Site Scripting XSS in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinalcms/front/person/profile.html'...

3.5CVSS5.7AI score0.01083EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/09/15 2:15 p.m.15 views

Improper access control

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...

6.5CVSS8.8AI score0.07522EPSS
Exploits1References2Affected Software1
prion
prion
added 2021/09/15 2:15 p.m.16 views

Improper access control

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...

4CVSS6.3AI score0.01909EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/09/15 2:15 p.m.11 views

Command injection

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...

6.5CVSS9.1AI score0.05031EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/09/15 2:15 p.m.14 views

Improper access control

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...

4CVSS6.3AI score0.03876EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/09/15 2:15 p.m.17 views

Improper access control

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete' function in the component 'modules/filemanager/FileManagerController.java'...

5.5CVSS7.9AI score0.0349EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder