592 matches found
CVE-2020-19147
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder' function in the component '/modules/filemanager/FileManager.java'...
CVE-2020-19146
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...
CVE-2020-19154
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...
CVE-2020-19151
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...
CVE-2019-17352
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions...
CVE-2025-3214
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-3214
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-3214
CVE-2025-3214 affects JFinal CMS up to version 5.2.4. The vulnerability resides in the readTemplate function’s engine.getTemplate, where manipulating the template argument enables path traversal. Exploitation can be remote, and public proofs exist, but the real existence of the vulnerability is d...
CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit...
The vulnerability of the TemplateHandler component in the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Jfinal CMS content management system allows a hacker to execute arbitrary code.
The vulnerability of the TemplateHandler component in the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Jfinal CMS content management system is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the /admin/tag/save file in the Jfinal CMS system allows a attacker to perform a CSRF attack.
The vulnerability of the /admin/tag/save file in the Jfinal CMS system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
PT-2024-17558 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 1.0 Description: The issue is related to a cross-site request forgery CSRF vulnerability in the /admin/tag/save file of the JFinalCMS system. This vulnerability can be exploited remotely, allowing an attacker to perform a CS...
CVE-2024-53477
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...
PT-2024-35755 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue concerns the unauthorized execution of deserialization in the ApiForm.java file, leading to command execution. Recommendations: For JFinal CMS version 5.1.0, consider disabling the deserializati...
CVE-2024-53477
CVE-2024-53477 affects JFinal CMS 5.1.0. The vulnerability is due to unauthorized deserialization in ApiForm.java, enabling remote command execution (described as a total impact on confidentiality, integrity, and availability with network attack vector and no user interaction). The CVSS v3.1 vect...
CVE-2024-53477
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...
CVE-2024-53477
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...
jfinal cms 安全漏洞
jfinal cms is a java development of powerful information consulting website, using the simple and powerful JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. A security vulnerability exists in jfinal cms version 5.1.0. An attacker can...