45 matches found
CVE-2024-53477
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...
PT-2023-30467 · Jflyfox · Jfinalcms
Name of the Vulnerable Software and Affected Versions: jflyfox jfinalCMS version 5.1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the "login.jsp" component in the template management module. Recommendations: For jflyfox jfinalCMS version 5.1....
Arbitrary file deletion
jfinal CMS 5.1.0 has an arbitrary file read vulnerability...
Sql injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list...
CVE-2022-37202
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list...
CVE-2022-37202
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list...
CVE-2022-37208
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...
CVE-2022-37208
Technical details about CVE-2022-37208 are not publicly available in the provided connected documents. The description notes SQL injection in JFinal CMS 5.1.0, but there are no concrete technical specifics, exploits, fixes, or affected components in the supplied sources. Monitor for updates.
CVE-2022-37209
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...
Sql injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection...
CVE-2022-37201
JFinal CMS 5.1.0 is vulnerable to SQL Injection...
CVE-2022-37207
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...
CVE-2022-38286
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...
CVE-2022-38281
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list...
CVE-2022-38277
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list...
CVE-2022-38282
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list...
CVE-2022-38285
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
CVE-2022-38279
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list...
CVE-2022-38283
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list...
CVE-2022-38275
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list...