Lucene search
K

592 matches found

Cvelist
Cvelist
added 2021/09/15 1:52 p.m.25 views

CVE-2020-19155

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...

8.9AI score0.07522EPSS
Exploits1References2
CVE
CVE
added 2021/09/15 1:52 p.m.51 views

CVE-2020-19155

CVE-2020-19155 affects Jfinal CMS versions 4.7.1 and earlier. The vulnerability resides in the FileManager.rename() function (modules/filemanager/FileManagerController.java) due to improper access control, enabling remote attackers to obtain sensitive information and/or execute arbitrary code. Pu...

8.8CVSS8.8AI score0.07522EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/09/15 1:52 p.m.17 views

CVE-2020-19151

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...

9.1AI score0.05031EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/09/15 1:52 p.m.19 views

CVE-2020-19154

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...

6.4AI score0.03876EPSS
Exploits1References1
CVE
CVE
added 2021/09/15 1:52 p.m.51 views

CVE-2020-19154

The CVE-2020-19154 case concerns JFinal CMS (v4.7.1 and earlier) with an improper access control flaw in the FileManager.editFile() function of modules/filemanager/FileManagerController.java. The available documents state that this vulnerability allows remote attackers to obtain sensitive informa...

6.5CVSS6.2AI score0.03876EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/09/15 1:52 p.m.45 views

CVE-2020-19151

The CVE-2020-19151 entry concerns JFinal CMS (versions 4.7.1 and earlier) with a command injection flaw. The vulnerability arises when an attacker uploads a malicious HTML template file through the component jfinal_cms/admin/filemanager/list , enabling remote code execution. Affected software is ...

8.8CVSS9.1AI score0.05031EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/09/15 1:52 p.m.19 views

CVE-2020-19148

Cross Site Scripting XSS in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinalcms/front/person/profile.html'...

5.7AI score0.01083EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/09/15 1:52 p.m.21 views

CVE-2020-19150

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete' function in the component 'modules/filemanager/FileManagerController.java'...

8AI score0.0349EPSS
Exploits1References1
CVE
CVE
added 2021/09/15 1:52 p.m.42 views

CVE-2020-19150

The CVE-2020-19150 entry concerns Jfinal CMS (versions 4.7.1 and earlier) with an improper access control flaw in the FileManager.delete() function (modules/filemanager/FileManagerController.java). The vulnerability permits remote attackers to obtain sensitive information or cause a denial of ser...

8.1CVSS7.9AI score0.0349EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/09/15 1:52 p.m.44 views

CVE-2020-19148

CVE-2020-19148 affects Jfinal CMS up to version 4.7.1. A Cross Site Scripting (XSS) flaw allows remote attackers to execute arbitrary code via the Nickname parameter in the /jfinal_cms/front/person/profile.html component. Exploitation details are not provided in the supplied documents, and no rem...

5.4CVSS5.7AI score0.01083EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/09/15 1:52 p.m.22 views

CVE-2020-19147

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder' function in the component '/modules/filemanager/FileManager.java'...

6.5AI score0.01601EPSS
Exploits1References1
CVE
CVE
added 2021/09/15 1:52 p.m.41 views

CVE-2020-19147

CVE-2020-19147 affects Jfinal CMS versions 4.7.1 and earlier. The issue is improper access control in the file manager, specifically the getFolder() function in /modules/filemanager/FileManager.java, which allows remote attackers to obtain sensitive information. Documentation across multiple sour...

6.5CVSS6.4AI score0.01601EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/09/15 1:52 p.m.19 views

CVE-2020-19146

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...

6.4AI score0.01909EPSS
Exploits1References1
CVE
CVE
added 2021/09/15 1:52 p.m.49 views

CVE-2020-19146

CVE-2020-19146 affects Jfinal CMS versions 4.7.1 and earlier, where an improper access control flaw in the component jfinal_cms/admin/folder/list allows remote attackers to obtain sensitive information via the TemplatePath parameter. Root cause: insufficient access checks on the affected path. Im...

6.5CVSS6.3AI score0.01909EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.5 views

Jfinal CMS 跨站脚本漏洞

Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front end. cross-site scripting vulnerability exists in Jfinal CMS 4.7.1 and earlier versions. An...

5.4CVSS5.7AI score0.01083EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.4 views

Jfinal CMS 命令注入漏洞

Jfinal CMS is a powerful information consulting website developed in java, using JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions exist command injection vulnerability. An attacker can upload a...

8.8CVSS6.2AI score0.05031EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.6 views

Jfinal CMS 路径遍历漏洞

Jfinal CMS is a powerful information consulting website developed in java, using the JFinal web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions exist improper access control vulnerabilities. An attacker can use the...

8.8CVSS6AI score0.07522EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.4 views

Jfinal CMS 路径遍历漏洞

Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front end. an improper access control vulnerability exists in Jfinal CMS 4.7.1 and earlier...

6.5CVSS5.6AI score0.01601EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/09/15 12:0 a.m.5 views

PT-2021-10295 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: Jfinal CMS versions 4.7.1 and earlier Description: The issue allows remote attackers to obtain sensitive information and/or execute arbitrary code via the FileManager.rename function in the component...

8.8CVSS8.9AI score0.07522EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.4 views

Jfinal CMS 路径遍历漏洞

Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front-end. improper access control vulnerabilities exist in Jfinal CMS 4.7.1 and earlier versions...

8.1CVSS5.6AI score0.0349EPSS
Exploits1References2
Rows per page
Query Builder