593 matches found
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49375 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49375 Source advisory: OSV:GHSA-GFHV-XXQJ-H323...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49373 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49373 Source advisory: OSV:GHSA-CJ7J-23WF-MHRX...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49372 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49372 Source advisory: OSV:GHSA-9WVJ-WR2F-6MX6...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49377 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49377 Source advisory: OSV:GHSA-R6MG-FQ87-GW34...
GHSA-9WVJ-WR2F-6MX6 Cross-Site Request Forgery in JFinalCMS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/slide/save...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49378 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49378 Source advisory: OSV:GHSA-GW26-CCHC-8F2F...
Arbitrary Code Execution
JFinal is vulnerable to Arbitrary Code Execution. The vulnerability exists because the login.jsp page is not properly restricted which allows an attacker to access and modify the content to inject and execute arbitrary code into the system...
PT-2023-30467 · Jflyfox · Jfinalcms
Name of the Vulnerable Software and Affected Versions: jflyfox jfinalCMS version 5.1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the "login.jsp" component in the template management module. Recommendations: For jflyfox jfinalCMS version 5.1....
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +162 more potentially affected by CVE-2021-31635 via com.jfinal:jfinal (>=1.4 <=4.9.08)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 - cn.dreampie:jfinal-captcha =0.1 and more Source cves: CVE-2021-31635 Source advisory: OSV:GHSA-CGMM-C2M9-FF7R...
jFinal Server-Side Template Injection vulnerability
Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...
CVE-2021-31635
Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...
CVE-2021-31635
Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...
Sql injection
Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...
PT-2023-12153 · Jfinal · Jfinal
Name of the Vulnerable Software and Affected Versions: jFinal version 4.9.08 Description: A Server-Side Template Injection SSTI issue allows a remote attacker to execute arbitrary code via the template function. This enables the attacker to potentially gain control over the server. Recommendation...
JFinal 安全漏洞
JFinal is a Java language based WEB + ORM open source framework. A security vulnerability exists in JFinal version v.4.9.08, which originated from allowing remote attackers to execute arbitrary code via template functions...
CVE-2021-31635
Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...
CVE-2021-31635
CVE-2021-31635 : JFinal v4.9.08 contains a Server-Side Template Injection (SSTI) flaw in the template function that allows remote code execution. The NVD entry assigns a critical 9.8 base score (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Public references and distributor entries (Red Hat, Veracode, GH...
CVE-2023-34645
jfinal CMS 5.1.0 has an arbitrary file read vulnerability...
CVE-2023-34645
jfinal CMS 5.1.0 has an arbitrary file read vulnerability...
Arbitrary file deletion
jfinal CMS 5.1.0 has an arbitrary file read vulnerability...