3 matches found
CVE-2022-38284
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list...
CVE-2022-38284
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list...
CVE-2022-38284
CVE-2022-38284 affects JFinal CMS 5.1.0. The vulnerability is a SQL Injection exposed via the /system/department/list API endpoint, with a CVSS v3.1 base score of 7.2 (HIGH) and no user interaction required. A remediation path exists: upgrade to a newer JFinal CMS version that contains a fix (as ...