Lucene search
K

592 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:0 p.m.6 views

CVE-2020-19147

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder' function in the component '/modules/filemanager/FileManager.java'...

6.5CVSS6.8AI score0.01601EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 p.m.8 views

CVE-2020-19146

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...

6.5CVSS6.5AI score0.01909EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:2 p.m.10 views

CVE-2020-19154

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...

6.5CVSS6.5AI score0.03876EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:17 p.m.7 views

CVE-2020-19151

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...

8.8CVSS8.2AI score0.05031EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:16 p.m.11 views

CVE-2020-19155

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...

8.8CVSS7.6AI score0.07522EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.7 views

CVE-2019-17352

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions...

7.5CVSS6.7AI score0.01743EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/06 6:35 a.m.16 views

CVE-2025-3214

A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...

5.3CVSS6.9AI score0.00457EPSS
Exploits0References1
NVD
NVD
added 2025/04/04 6:15 a.m.37 views

CVE-2025-3214

A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...

5.3CVSS0.00457EPSS
Exploits0References4
CVE
CVE
added 2025/04/04 6:0 a.m.67 views

CVE-2025-3214

CVE-2025-3214 affects JFinal CMS up to version 5.2.4. The vulnerability resides in the readTemplate function’s engine.getTemplate, where manipulating the template argument enables path traversal. Exploitation can be remote, and public proofs exist, but the real existence of the vulnerability is d...

5.3CVSS7.1AI score0.00457EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/04 6:0 a.m.11 views

CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal

A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...

5.3CVSS7.1AI score0.00457EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/04 6:0 a.m.16 views

CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal

A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...

5.3CVSS0.00457EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/02/04 12:0 a.m.5 views

The vulnerability of the TemplateHandler component in the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Jfinal CMS content management system allows a hacker to execute arbitrary code.

The vulnerability of the TemplateHandler component in the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Jfinal CMS content management system is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

9CVSS6.9AI score0.03637EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/04 12:0 a.m.5 views

The vulnerability of the /admin/tag/save file in the Jfinal CMS system allows a attacker to perform a CSRF attack.

The vulnerability of the /admin/tag/save file in the Jfinal CMS system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

10CVSS5.2AI score0.00359EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/08 12:0 a.m.4 views

PT-2024-17558 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 1.0 Description: The issue is related to a cross-site request forgery CSRF vulnerability in the /admin/tag/save file of the JFinalCMS system. This vulnerability can be exploited remotely, allowing an attacker to perform a CS...

8.8CVSS5AI score0.00359EPSS
Exploits1References11
NVD
NVD
added 2024/12/02 9:15 p.m.26 views

CVE-2024-53477

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...

9.8CVSS0.00847EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.12 views

PT-2024-35755 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue concerns the unauthorized execution of deserialization in the ApiForm.java file, leading to command execution. Recommendations: For JFinal CMS version 5.1.0, consider disabling the deserializati...

9.8CVSS7.6AI score0.00847EPSS
Exploits0References6
CVE
CVE
added 2024/12/02 12:0 a.m.110 views

CVE-2024-53477

CVE-2024-53477 affects JFinal CMS 5.1.0. The vulnerability is due to unauthorized deserialization in ApiForm.java, enabling remote command execution (described as a total impact on confidentiality, integrity, and availability with network attack vector and no user interaction). The CVSS v3.1 vect...

9.8CVSS6.9AI score0.00847EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/12/02 12:0 a.m.23 views

CVE-2024-53477

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...

0.00847EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/02 12:0 a.m.10 views

CVE-2024-53477

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...

9.7AI score0.00847EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/02 12:0 a.m.6 views

jfinal cms 安全漏洞

jfinal cms is a java development of powerful information consulting website, using the simple and powerful JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. A security vulnerability exists in jfinal cms version 5.1.0. An attacker can...

9.8CVSS6.8AI score0.00847EPSS
Exploits0References2
Rows per page
Query Builder