9 matches found
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/saveoaContractApply.id...
CVE-2024-57775
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...
CVE-2024-57769
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser...
CVE-2024-57775
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/saveoaContractApply.id...
CVE-2024-57768
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key...
CVE-2024-57769
CVE-2024-57769 affects JFinalOA prior to 2025.01.01, where a SQL injection flaw exists in the component borrowmoney/listData?applyUser . The issue is caused by improper handling of user input in this endpoint, enabling high-severity (C/H, I/H, A/H) impact per CVSS 3.1 with NETWORK attack vector, ...
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/saveoaContractApply.id...
SQL Injection Vulnerability in JFinalOA
JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA has a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information from the database...