592 matches found
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...
CVE-2020-19155
CVE-2020-19155 affects Jfinal CMS versions 4.7.1 and earlier. The vulnerability resides in the FileManager.rename() function (modules/filemanager/FileManagerController.java) due to improper access control, enabling remote attackers to obtain sensitive information and/or execute arbitrary code. Pu...
CVE-2020-19151
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...
CVE-2020-19154
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...
CVE-2020-19154
The CVE-2020-19154 case concerns JFinal CMS (v4.7.1 and earlier) with an improper access control flaw in the FileManager.editFile() function of modules/filemanager/FileManagerController.java. The available documents state that this vulnerability allows remote attackers to obtain sensitive informa...
CVE-2020-19151
The CVE-2020-19151 entry concerns JFinal CMS (versions 4.7.1 and earlier) with a command injection flaw. The vulnerability arises when an attacker uploads a malicious HTML template file through the component jfinal_cms/admin/filemanager/list , enabling remote code execution. Affected software is ...
CVE-2020-19148
Cross Site Scripting XSS in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinalcms/front/person/profile.html'...
CVE-2020-19150
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete' function in the component 'modules/filemanager/FileManagerController.java'...
CVE-2020-19150
The CVE-2020-19150 entry concerns Jfinal CMS (versions 4.7.1 and earlier) with an improper access control flaw in the FileManager.delete() function (modules/filemanager/FileManagerController.java). The vulnerability permits remote attackers to obtain sensitive information or cause a denial of ser...
CVE-2020-19148
CVE-2020-19148 affects Jfinal CMS up to version 4.7.1. A Cross Site Scripting (XSS) flaw allows remote attackers to execute arbitrary code via the Nickname parameter in the /jfinal_cms/front/person/profile.html component. Exploitation details are not provided in the supplied documents, and no rem...
CVE-2020-19147
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder' function in the component '/modules/filemanager/FileManager.java'...
CVE-2020-19147
CVE-2020-19147 affects Jfinal CMS versions 4.7.1 and earlier. The issue is improper access control in the file manager, specifically the getFolder() function in /modules/filemanager/FileManager.java, which allows remote attackers to obtain sensitive information. Documentation across multiple sour...
CVE-2020-19146
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...
CVE-2020-19146
CVE-2020-19146 affects Jfinal CMS versions 4.7.1 and earlier, where an improper access control flaw in the component jfinal_cms/admin/folder/list allows remote attackers to obtain sensitive information via the TemplatePath parameter. Root cause: insufficient access checks on the affected path. Im...
Jfinal CMS 跨站脚本漏洞
Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front end. cross-site scripting vulnerability exists in Jfinal CMS 4.7.1 and earlier versions. An...
Jfinal CMS 命令注入漏洞
Jfinal CMS is a powerful information consulting website developed in java, using JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions exist command injection vulnerability. An attacker can upload a...
Jfinal CMS 路径遍历漏洞
Jfinal CMS is a powerful information consulting website developed in java, using the JFinal web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions exist improper access control vulnerabilities. An attacker can use the...
Jfinal CMS 路径遍历漏洞
Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front end. an improper access control vulnerability exists in Jfinal CMS 4.7.1 and earlier...
PT-2021-10295 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: Jfinal CMS versions 4.7.1 and earlier Description: The issue allows remote attackers to obtain sensitive information and/or execute arbitrary code via the FileManager.rename function in the component...
Jfinal CMS 路径遍历漏洞
Jfinal CMS is a powerful information consulting website developed in java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and bootstrap framework for the front-end. improper access control vulnerabilities exist in Jfinal CMS 4.7.1 and earlier versions...