Lucene search
K

593 matches found

vulnersOsv
vulnersOsv
added 2023/12/05 3:30 p.m.4 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49375 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49375 Source advisory: OSV:GHSA-GFHV-XXQJ-H323...

8.8CVSS7.2AI score0.00391EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/12/05 3:30 p.m.5 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49373 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49373 Source advisory: OSV:GHSA-CJ7J-23WF-MHRX...

8.8CVSS7.2AI score0.00391EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/12/05 3:30 p.m.5 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49372 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49372 Source advisory: OSV:GHSA-9WVJ-WR2F-6MX6...

8.8CVSS7.2AI score0.00391EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/12/05 3:30 p.m.5 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49377 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49377 Source advisory: OSV:GHSA-R6MG-FQ87-GW34...

8.8CVSS7.2AI score0.00391EPSS
Exploits1
OSV
OSV
added 2023/12/05 3:30 p.m.4 views

GHSA-9WVJ-WR2F-6MX6 Cross-Site Request Forgery in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/slide/save...

8.8CVSS5.9AI score0.00391EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2023/12/05 3:30 p.m.6 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49378 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49378 Source advisory: OSV:GHSA-GW26-CCHC-8F2F...

8.8CVSS7.2AI score0.00391EPSS
Exploits1
Veracode
Veracode
added 2023/12/01 7:22 a.m.22 views

Arbitrary Code Execution

JFinal is vulnerable to Arbitrary Code Execution. The vulnerability exists because the login.jsp page is not properly restricted which allows an attacker to access and modify the content to inject and execute arbitrary code into the system...

9.8CVSS7.7AI score0.01273EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.4 views

PT-2023-30467 · Jflyfox · Jfinalcms

Name of the Vulnerable Software and Affected Versions: jflyfox jfinalCMS version 5.1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the "login.jsp" component in the template management module. Recommendations: For jflyfox jfinalCMS version 5.1....

9.8CVSS9.6AI score0.01273EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2023/06/26 9:30 p.m.5 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +162 more potentially affected by CVE-2021-31635 via com.jfinal:jfinal (>=1.4 <=4.9.08)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 - cn.dreampie:jfinal-captcha =0.1 and more Source cves: CVE-2021-31635 Source advisory: OSV:GHSA-CGMM-C2M9-FF7R...

9.8CVSS7.2AI score0.01206EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/06/26 9:30 p.m.24 views

jFinal Server-Side Template Injection vulnerability

Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...

9.8CVSS8.1AI score0.01206EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/06/26 7:15 p.m.31 views

CVE-2021-31635

Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...

9.8CVSS9.7AI score0.01206EPSS
Exploits0References1
OSV
OSV
added 2023/06/26 7:15 p.m.14 views

CVE-2021-31635

Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...

9.8CVSS8.3AI score
Exploits0References1
Prion
Prion
added 2023/06/26 7:15 p.m.23 views

Sql injection

Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...

7.5CVSS9.8AI score0.01206EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/26 12:0 a.m.7 views

PT-2023-12153 · Jfinal · Jfinal

Name of the Vulnerable Software and Affected Versions: jFinal version 4.9.08 Description: A Server-Side Template Injection SSTI issue allows a remote attacker to execute arbitrary code via the template function. This enables the attacker to potentially gain control over the server. Recommendation...

9.8CVSS8.5AI score0.01206EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.6 views

JFinal 安全漏洞

JFinal is a Java language based WEB + ORM open source framework. A security vulnerability exists in JFinal version v.4.9.08, which originated from allowing remote attackers to execute arbitrary code via template functions...

9.8CVSS9AI score0.01206EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/26 12:0 a.m.6 views

CVE-2021-31635

Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...

8AI score0.01206EPSS
Exploits0References1
CVE
CVE
added 2023/06/26 12:0 a.m.66 views

CVE-2021-31635

CVE-2021-31635 : JFinal v4.9.08 contains a Server-Side Template Injection (SSTI) flaw in the template function that allows remote code execution. The NVD entry assigns a critical 9.8 base score (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Public references and distributor entries (Red Hat, Veracode, GH...

9.8CVSS9.7AI score0.01206EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/06/16 6:15 p.m.23 views

CVE-2023-34645

jfinal CMS 5.1.0 has an arbitrary file read vulnerability...

7.5CVSS7.6AI score0.00799EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/06/16 6:15 p.m.9 views

CVE-2023-34645

jfinal CMS 5.1.0 has an arbitrary file read vulnerability...

7.5CVSS7.2AI score0.00799EPSS
Exploits1References2
Prion
Prion
added 2023/06/16 6:15 p.m.19 views

Arbitrary file deletion

jfinal CMS 5.1.0 has an arbitrary file read vulnerability...

5CVSS7.5AI score0.00799EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder