CVE-2024-53477

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...

PT-2023-30467 · Jflyfox · Jfinalcms

Name of the Vulnerable Software and Affected Versions: jflyfox jfinalCMS version 5.1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the "login.jsp" component in the template management module. Recommendations: For jflyfox jfinalCMS version 5.1....

Arbitrary file deletion

jfinal CMS 5.1.0 has an arbitrary file read vulnerability...

Sql injection

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list...

CVE-2022-37202

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list...

CVE-2022-37202

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list...

CVE-2022-37208

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...

CVE-2022-37208

Technical details about CVE-2022-37208 are not publicly available in the provided connected documents. The description notes SQL injection in JFinal CMS 5.1.0, but there are no concrete technical specifics, exploits, fixes, or affected components in the supplied sources. Monitor for updates.

CVE-2022-37209

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...

JFinal SQL注入漏洞

JFinal is a Java-based language WEB ORM open source framework. JFinal CMS version 5.1.0 SQL injection vulnerability , the vulnerability stems from its several interfaces do not use the same components , and did not apply filters , and each interface uses its own SQL connection method , an attacke...

CVE-2022-37204

Final CMS 5.1.0 is vulnerable to SQL Injection...

CVE-2022-37204

Final CMS 5.1.0 is vulnerable to SQL Injection...

Sql injection

Final CMS 5.1.0 is vulnerable to SQL Injection...

Sql injection

JFinal CMS 5.1.0 is vulnerable to SQL Injection...

CVE-2022-37207

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...

CVE-2022-37201

JFinal CMS 5.1.0 is vulnerable to SQL Injection...

JFinal SQL注入漏洞

JFinal is a Java language based WEB + ORM open source framework. JFinal CMS 5.1.0 SQL injection vulnerability exists , the vulnerability stems from the id, name, menu key interfaces do not use the same components , there is no filter , but each use their own SQL connection , resulting in SQL...

CVE-2022-38281

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list...

CVE-2022-38277

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list...

CVE-2022-38283

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list...