531 matches found
JFinalCMS 安全漏洞
JFinalCMS is a content management system by heyewei personal developer. A security vulnerability exists in JFinalCMS version 1.0, which originates from the title parameter in rc/main/java/com/cms/entity/Content.java that can lead to SQL injection...
CVE-2024-57665
JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering...
CVE-2024-57665
The CVE-2024-57665 entry concerns JFinalCMS 1.0, where SQL Injection arises in rc/main/java/com/cms/entity/Content.java because the title parameter is user-controlled and concatenated directly into filterSql without filtering. Affects Content.java logic; impact is high (as per CVSS 3.1: Critical,...
JFinalCMS SQL Injection Vulnerability (CNVD-2024-49645)
JFinalCMS is an open source free JAVA enterprise website development and construction management system. JFinalCMS has a SQL injection vulnerability in version 1.0. The vulnerability is due to the failure to adequately validate and filter user-input data in the affected version, which can be...
JFinalCMS Cross-Site Request Forgery Vulnerability (CNVD-2024-49644)
JFinalCMS is a content management system. A cross-site request forgery vulnerability exists in JFinalCMS version 1.0, which stems from the /admin/tag/save file not adequately verifying that a request comes from a trusted user. An attacker can exploit this vulnerability to forge a malicious reques...
CVE-2024-12351
A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...
CVE-2024-12351
A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...
CVE-2024-12349
A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-12350
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...
CVE-2024-12349
A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-12350
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...
CVE-2024-12351 JFinalCMS File Content ContentModel.java findPage sql injection
A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...
CVE-2024-12351 JFinalCMS File Content ContentModel.java findPage sql injection
A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...
CVE-2024-12351
CVE-2024-12351 affects JFinalCMS 1.0 in the File Content Handler (ContentModel.java findPage). The root cause is manipulation of the argument name that leads to an SQL injection, allowing remote exploitation. Public references describe the issue as critical with high impact to confidentiality, in...
CVE-2024-12350 JFinalCMS Template TemplateController.java update command injection
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...
CVE-2024-12350 JFinalCMS Template TemplateController.java update command injection
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...
CVE-2024-12350
The CVE-2024-12350 entry concerns JFinalCMS 1.0, specifically the Template Handler’s update function in TemplateController.java. The vulnerability stems from manipulation of the content argument, enabling a command injection that can be triggered remotely, with exploits disclosed publicly. Remedi...
CVE-2024-12349 JFinalCMS save cross-site request forgery
A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-12349 JFinalCMS save cross-site request forgery
A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-12349
CVE-2024-12349 affects JFinalCMS 1.0. The vulnerability is a cross-site request forgery in the /admin/tag/save endpoint, enabling remote exploitation. The issue stems from insufficient verification of the requester, with exploit information publicly disclosed. Connected sources corroborate CSRF i...