591 matches found
CVE-2023-34645
jfinal CMS 5.1.0 has an arbitrary file read vulnerability...
CVE-2023-30349
JFinal CMS v5.1.0 was discovered to contain a remote code execution RCE vulnerability via the ActionEnter function...
CVE-2023-22975
A cross-site scripting XSS vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html...
CVE-2023-24747
Jfinal CMS v5.1 was discovered to contain a cross-site scripting XSS vulnerability via the component /system/dict/list...
CVE-2022-37209
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...
CVE-2022-33114
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinalcms/system/dict/list...
CVE-2022-34928
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user...
CVE-2022-38279
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-38285
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
CVE-2022-38276
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list...
CVE-2022-38284
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list...
CVE-2022-38275
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list...
CVE-2022-37223
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinalcms/system/role/list...
CVE-2022-30500
Jfinal cms 5.1.0 is vulnerable to SQL Injection...
CVE-2022-29648
A cross-site scripting XSS vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...
CVE-2022-38280
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list...
CVE-2021-31635
Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...
CVE-2020-19148
Cross Site Scripting XSS in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinalcms/front/person/profile.html'...
CVE-2020-19150
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete' function in the component 'modules/filemanager/FileManagerController.java'...