4 matches found
CVE-2023-50449
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter...
CVE-2023-50449
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter...
CVE-2023-50449
Summary (CVE-2023-50449): JFinalCMS 5.0.0 is vulnerable to a remote directory traversal via the /common/down/file fileKey parameter, allowing reading of arbitrary files. Root cause: improper handling of the ../ path segment in the fileKey parameter. Documented by multiple sources (Red Hat, GHSA, ...
CVE-2023-50449
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter...