Lucene search
K

592 matches found

CNVD
CNVD
added 2021/05/06 12:0 a.m.4 views

SQL Injection Vulnerability in jfinal cms Backend

jfinal cms is a java developed information and counseling website. A SQL injection vulnerability exists in the backend of jfinal cms. An attacker can exploit the vulnerability to obtain sensitive database information...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/04/15 12:0 a.m.1 views

Command execution vulnerability in jfinal framework

jfinal is based on the Java language of the very fast WEB + ORM framework. A command execution vulnerability exists in the jfinal framework. An attacker can exploit this vulnerability to gain server privileges...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/02/25 12:0 a.m.3 views

SQL Injection Vulnerability in JFinalOA

JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA has a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information from the database...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/12/16 12:0 a.m.3 views

File upload vulnerability in jfinal

jfinal is based on the Java language of the extremely fast WEB + ORM framework . jfinal has a file upload vulnerability that can be exploited by an attacker to gain control of the server...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/12/14 12:0 a.m.5 views

SQL Injection Vulnerability in JFinalOA Frontend

JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA front-end SQL injection vulnerability can be exploited by attackers to obtain sensitive database information...

7.9AI score
Exploits0
CNVD
CNVD
added 2020/08/18 12:0 a.m.3 views

Command execution vulnerability in jfinal cms

jfinal cms, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. jfinal cms has a command execution vulnerability that can be exploited by an attacker to obtain server administrative privileges...

7.3AI score
Exploits0
CNVD
CNVD
added 2020/06/02 12:0 a.m.3 views

XSS Vulnerability at jfinal cms publishing blog posts

jfinal cms is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl, database with mysql, front-end bootstrap framework. jfinal cms publish blog posts at the existence of XSS vulnerabilities , attackers...

6.2AI score
Exploits0
CNVD
CNVD
added 2020/06/02 12:0 a.m.1 views

XSS Vulnerability in jfinal cms User Profile Edit

jfinal cms is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl, database with mysql, front-end bootstrap framework. jfinal cms user profile editing XSS vulnerability , an attacker can exploit the...

6.1AI score
Exploits0
CNVD
CNVD
added 2020/06/02 12:0 a.m.1 views

XSS Vulnerability at jfinal cms comment feeds

jfinal cms is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl, database with mysql, front-end bootstrap framework. jfinal cms feedback at the existence of XSS vulnerability , an attacker can explo...

6.1AI score
Exploits0
NVD
NVD
added 2019/10/08 1:15 p.m.18 views

CVE-2019-17352

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions...

7.5CVSS7.5AI score0.01743EPSS
Exploits1References3
OSV
OSV
added 2019/10/08 1:15 p.m.13 views

CVE-2019-17352

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions...

7.5CVSS6.6AI score
Exploits0References3
Prion
Prion
added 2019/10/08 1:15 p.m.11 views

Design/Logic Flaw

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions...

5CVSS7.5AI score0.01743EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/10/08 12:13 p.m.55 views

CVE-2019-17352

CVE-2019-17352 affects JFinal cos prior to 2019-08-13 (JFinal 4.4). The isSafeFile() check can be bypassed, allowing upload of any file type (e.g., .jsp) with deletion not consistently executed; no remediation details are provided in the supplied documents.

7.5CVSS7.5AI score0.01743EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/10/08 12:13 p.m.20 views

CVE-2019-17352

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions...

7.5AI score0.01743EPSS
Exploits1References3
CNVD
CNVD
added 2019/04/01 12:0 a.m.1 views

File Upload Vulnerability in Jfinal cms Backend Template Management System

Jfinal cms, using a simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Jfinal cms back-end template management system exists file upload vulnerability, its back-end template management system exists...

7.2AI score
Exploits0
CNVD
CNVD
added 2019/04/01 12:0 a.m.1 views

File Upload Vulnerability in Jfinal cms Backend Video Management Service

Jfinal cms, using a simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Jfinal cms background video management system file upload vulnerability , its background article video at the existence of arbitra...

7.1AI score
Exploits0
CNVD
CNVD
added 2019/04/01 12:0 a.m.1 views

Jfinal cms backend image management has file upload vulnerability

Jfinal cms, using a simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Jfinal cms background image management system file upload vulnerability , its background image management system file upload...

7AI score
Exploits0
CNVD
CNVD
added 2019/04/01 12:0 a.m.1 views

File upload vulnerability in Jfinal cms backend site administration

Jfinal cms uses a simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Jfinal cms back-end site management system there is a file upload vulnerability , its back-end site management system there is an...

7AI score
Exploits0
CNVD
CNVD
added 2019/04/01 12:0 a.m.1 views

File Upload Vulnerability in Jfinal cms Backend Article Management System

Jfinal cms, using a simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Jfinal cms back-end article management system file upload vulnerability , its back-end article management system file upload...

7AI score
Exploits0
CNVD
CNVD
added 2019/04/01 12:0 a.m.2 views

Jfinal cms backend column scrolling image at the existence of file upload vulnerability

Jfinal cms, using a simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap, flat ui and other frameworks. Jfinal cms background column scrolling picture at the existence of file upload vulnerability, its background column management...

7.1AI score
Exploits0
Rows per page
Query Builder