CVE-2022-38277

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list...

CVE-2022-38277

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list...

CVE-2022-38277

CVE-2022-38277 affects JFinal CMS 5.1.0 . The flaw is a SQL Injection at the endpoint /admin/folderrollpicture/list caused by unsafe SQL handling. According to NVD, the impact is High (C/H/I/A) with a CVSS v3.1 base score 7.2 (Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The attack vector is net...