99 matches found
CVE-2024-57773
CVE-2024-57773 affects JFinalOA prior to 2025-01-01, with an XSS vulnerability in the openSelectManyUserPage?orgid interface. The underlying issue is a cross-site scripting flaw that could allow arbitrary web scripts/HTML via crafted payloads. The CVSSv3.1 base score is 4.8 (Medium) with Network ...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...
CVE-2023-0758
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2023-0758
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
Sql injection
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2023-0758 glorylion JFinalOA SysOrg.java sql injection
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2023-0758
CVE-2023-0758 affects glorylion JFinalOA 1.0.2. A SQL injection flaw arises from the id parameter in SysOrg.java (src/main/java/com/pointlion/mvc/common/model/SysOrg.java). The issue can be exploited remotely and leads to high impact on confidentiality, integrity, and availability. Multiple conne...
PT-2023-16506 · Glorylion · Jfinaloa
Name of the Vulnerable Software and Affected Versions: glorylion JFinalOA version 1.0.2 Description: A critical issue affects the processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java, where the manipulation of the id argument leads to sql injection. The attack can be...
JFinalOA SQL注入漏洞
JFinalOA is an enterprise office system based on the JFinal framework. A SQL injection vulnerability exists in JFinalOA version 1.0.2, which originates from the id parameter of the src/main/java/com/pointlion/mvc/common/model/SysOrg.java file that could lead to SQL injection...
JFinalOA SQL Injection Vulnerability
JFinalOA is an enterprise office system developed based on the JFinal framework.JFinalOA has a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL statements...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
Sql injection
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
CVE-2021-40645
glorylion JFinalOA contains an SQL injection in the defkey parameter of FlowTaskController.getHaveDoneTaskDataList. The root cause is improper handling of the defkey input, enabling arbitrary SQL execution with potential HIGH confidentiality impact. Affected versions/details are not provided in t...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
SQL Injection Vulnerability in JFinalOA
JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA has a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in JFinalOA Frontend
JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA front-end SQL injection vulnerability can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in JfinalOA
JfinalOA is a set of open source office OA system development framework. JfinalOA SQL injection vulnerability , an attacker can exploit the vulnerability to obtain sensitive database information...