Lucene search
+L

99 matches found

cve
cve
added 2025/01/16 12:0 a.m.52 views

CVE-2024-57772

CVE-2024-57772 describes an XSS vulnerability in JFinalOA affecting the web path "/bumph/getDraftListPage?type". Affected versions are those prior to 2025.01.01. Exploitation could allow an attacker to execute arbitrary web scripts or HTML via a crafted payload, with impact described as partial c...

4.8CVSS5.6AI score0.00279EPSS
Exploits1References1Affected Software1
cve
cve
added 2025/01/16 12:0 a.m.47 views

CVE-2024-57775

CVE-2024-57775 affects JFinalOA prior to v2025.01.01, with a SQL injection in the getWorkFlowHis?insid component. The vulnerability is documented across multiple feeds; impact is high (CVE CVSS 3.1: HIGH, network attack, no user interaction). A fix is indicated by the stated version boundary, sug...

8.8CVSS8.3AI score0.00568EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2023/02/09 11:15 a.m.25 views

CVE-2023-0758

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS7.4AI score0.00608EPSS
Exploits0References3
osv
osv
added 2023/02/09 11:15 a.m.7 views

CVE-2023-0758

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS5.7AI score0.00608EPSS
Exploits0References3
prion
prion
added 2023/02/09 11:15 a.m.24 views

Sql injection

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

6.5CVSS9.7AI score0.00608EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2023/02/09 10:59 a.m.33 views

CVE-2023-0758 glorylion JFinalOA SysOrg.java sql injection

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

6.5CVSS10AI score0.00608EPSS
Exploits0References3
cve
cve
added 2023/02/09 10:59 a.m.55 views

CVE-2023-0758

CVE-2023-0758 affects glorylion JFinalOA 1.0.2. A SQL injection flaw arises from the id parameter in SysOrg.java (src/main/java/com/pointlion/mvc/common/model/SysOrg.java). The issue can be exploited remotely and leads to high impact on confidentiality, integrity, and availability. Multiple conne...

9.8CVSS8.3AI score0.00608EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2023/02/09 12:0 a.m.12 views

PT-2023-16506 · Glorylion · Jfinaloa

Name of the Vulnerable Software and Affected Versions: glorylion JFinalOA version 1.0.2 Description: A critical issue affects the processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java, where the manipulation of the id argument leads to sql injection. The attack can be...

9.8CVSS6.9AI score0.00608EPSS
Exploits0References6
cnnvd
cnnvd
added 2023/02/09 12:0 a.m.8 views

JFinalOA SQL注入漏洞

JFinalOA is an enterprise office system based on the JFinal framework. A SQL injection vulnerability exists in JFinalOA version 1.0.2, which originates from the id parameter of the src/main/java/com/pointlion/mvc/common/model/SysOrg.java file that could lead to SQL injection...

9.8CVSS7.2AI score0.00608EPSS
Exploits0References4
cnvd
cnvd
added 2022/03/31 12:0 a.m.35 views

JFinalOA SQL Injection Vulnerability

JFinalOA is an enterprise office system developed based on the JFinal framework.JFinalOA has a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL statements...

6.5CVSS5.3AI score0.0108EPSS
Exploits1References1
attackerkb
attackerkb
added 2022/03/30 9:15 p.m.5 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

6.5CVSS6.7AI score0.0108EPSS
Exploits1References3
osv
osv
added 2022/03/30 9:15 p.m.5 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

6.5CVSS5.8AI score0.0108EPSS
Exploits1References2
nvd
nvd
added 2022/03/30 9:15 p.m.23 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

6.5CVSS0.0108EPSS
Exploits1References2
prion
prion
added 2022/03/30 9:15 p.m.20 views

Sql injection

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

4CVSS7AI score0.0108EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/03/30 8:56 p.m.23 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

7.3AI score0.0108EPSS
Exploits1References2
cve
cve
added 2022/03/30 8:56 p.m.71 views

CVE-2021-40645

glorylion JFinalOA contains an SQL injection in the defkey parameter of FlowTaskController.getHaveDoneTaskDataList. The root cause is improper handling of the defkey input, enabling arbitrary SQL execution with potential HIGH confidentiality impact. Affected versions/details are not provided in t...

6.5CVSS7AI score0.0108EPSS
Exploits1References2Affected Software1
cnvd
cnvd
added 2021/02/25 12:0 a.m.3 views

SQL Injection Vulnerability in JFinalOA

JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA has a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information from the database...

7.4AI score
Exploits0
cnvd
cnvd
added 2020/12/14 12:0 a.m.6 views

SQL Injection Vulnerability in JFinalOA Frontend

JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA front-end SQL injection vulnerability can be exploited by attackers to obtain sensitive database information...

7.9AI score
Exploits0
cnvd
cnvd
added 2020/09/28 12:0 a.m.1 views

SQL Injection Vulnerability in JfinalOA

JfinalOA is a set of open source office OA system development framework. JfinalOA SQL injection vulnerability , an attacker can exploit the vulnerability to obtain sensitive database information...

7.7AI score
Exploits0
Rows per page
Query Builder