Lucene search
K

531 matches found

CNNVD
CNNVD
added 2025/01/29 12:0 a.m.6 views

JFinalCMS 安全漏洞

JFinalCMS is a content management system by heyewei personal developer. A security vulnerability exists in JFinalCMS version 1.0, which originates from the title parameter in rc/main/java/com/cms/entity/Content.java that can lead to SQL injection...

9.8CVSS7.3AI score0.00477EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/29 12:0 a.m.13 views

CVE-2024-57665

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering...

0.00477EPSS
Exploits1References1
CVE
CVE
added 2025/01/29 12:0 a.m.55 views

CVE-2024-57665

The CVE-2024-57665 entry concerns JFinalCMS 1.0, where SQL Injection arises in rc/main/java/com/cms/entity/Content.java because the title parameter is user-controlled and concatenated directly into filterSql without filtering. Affects Content.java logic; impact is high (as per CVSS 3.1: Critical,...

9.8CVSS7.6AI score0.00477EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2024/12/13 12:0 a.m.11 views

JFinalCMS SQL Injection Vulnerability (CNVD-2024-49645)

JFinalCMS is an open source free JAVA enterprise website development and construction management system. JFinalCMS has a SQL injection vulnerability in version 1.0. The vulnerability is due to the failure to adequately validate and filter user-input data in the affected version, which can be...

8.8CVSS7.7AI score0.00517EPSS
Exploits1References1
CNVD
CNVD
added 2024/12/13 12:0 a.m.7 views

JFinalCMS Cross-Site Request Forgery Vulnerability (CNVD-2024-49644)

JFinalCMS is a content management system. A cross-site request forgery vulnerability exists in JFinalCMS version 1.0, which stems from the /admin/tag/save file not adequately verifying that a request comes from a trusted user. An attacker can exploit this vulnerability to forge a malicious reques...

8.8CVSS6.5AI score0.00359EPSS
Exploits1References1
OSV
OSV
added 2024/12/09 1:15 a.m.3 views

CVE-2024-12351

A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...

8.8CVSS5.7AI score0.00517EPSS
Exploits1References4
NVD
NVD
added 2024/12/09 1:15 a.m.24 views

CVE-2024-12351

A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...

8.8CVSS0.00517EPSS
Exploits1References4
NVD
NVD
added 2024/12/09 1:15 a.m.17 views

CVE-2024-12349

A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

8.8CVSS0.00359EPSS
Exploits1References4
OSV
OSV
added 2024/12/09 1:15 a.m.2 views

CVE-2024-12350

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...

8.8CVSS5.6AI score0.03637EPSS
Exploits1References4
OSV
OSV
added 2024/12/09 1:15 a.m.5 views

CVE-2024-12349

A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

8.8CVSS4.7AI score0.00359EPSS
Exploits1References4
NVD
NVD
added 2024/12/09 1:15 a.m.43 views

CVE-2024-12350

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...

8.8CVSS0.03637EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/12/09 12:31 a.m.31 views

CVE-2024-12351 JFinalCMS File Content ContentModel.java findPage sql injection

A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...

6.5CVSS0.00517EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/12/09 12:31 a.m.15 views

CVE-2024-12351 JFinalCMS File Content ContentModel.java findPage sql injection

A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...

6.5CVSS7.7AI score0.00517EPSS
Exploits1References4
CVE
CVE
added 2024/12/09 12:31 a.m.54 views

CVE-2024-12351

CVE-2024-12351 affects JFinalCMS 1.0 in the File Content Handler (ContentModel.java findPage). The root cause is manipulation of the argument name that leads to an SQL injection, allowing remote exploitation. Public references describe the issue as critical with high impact to confidentiality, in...

8.8CVSS6.8AI score0.00517EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/09 12:31 a.m.17 views

CVE-2024-12350 JFinalCMS Template TemplateController.java update command injection

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...

6.5CVSS7.4AI score0.03637EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/12/09 12:31 a.m.43 views

CVE-2024-12350 JFinalCMS Template TemplateController.java update command injection

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...

6.5CVSS0.03637EPSS
Exploits1References4
CVE
CVE
added 2024/12/09 12:31 a.m.58 views

CVE-2024-12350

The CVE-2024-12350 entry concerns JFinalCMS 1.0, specifically the Template Handler’s update function in TemplateController.java. The vulnerability stems from manipulation of the content argument, enabling a command injection that can be triggered remotely, with exploits disclosed publicly. Remedi...

8.8CVSS6.9AI score0.03637EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.15 views

CVE-2024-12349 JFinalCMS save cross-site request forgery

A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

6.9CVSS0.00359EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/12/09 12:0 a.m.12 views

CVE-2024-12349 JFinalCMS save cross-site request forgery

A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

6.9CVSS6.5AI score0.00359EPSS
Exploits1References4
CVE
CVE
added 2024/12/09 12:0 a.m.56 views

CVE-2024-12349

CVE-2024-12349 affects JFinalCMS 1.0. The vulnerability is a cross-site request forgery in the /admin/tag/save endpoint, enabling remote exploitation. The issue stems from insufficient verification of the requester, with exploit information publicly disclosed. Connected sources corroborate CSRF i...

8.8CVSS4.7AI score0.00359EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder