99 matches found
CVE-2024-57772
CVE-2024-57772 describes an XSS vulnerability in JFinalOA affecting the web path "/bumph/getDraftListPage?type". Affected versions are those prior to 2025.01.01. Exploitation could allow an attacker to execute arbitrary web scripts or HTML via a crafted payload, with impact described as partial c...
CVE-2024-57775
CVE-2024-57775 affects JFinalOA prior to v2025.01.01, with a SQL injection in the getWorkFlowHis?insid component. The vulnerability is documented across multiple feeds; impact is high (CVE CVSS 3.1: HIGH, network attack, no user interaction). A fix is indicated by the stated version boundary, sug...
CVE-2023-0758
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2023-0758
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
Sql injection
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2023-0758 glorylion JFinalOA SysOrg.java sql injection
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2023-0758
CVE-2023-0758 affects glorylion JFinalOA 1.0.2. A SQL injection flaw arises from the id parameter in SysOrg.java (src/main/java/com/pointlion/mvc/common/model/SysOrg.java). The issue can be exploited remotely and leads to high impact on confidentiality, integrity, and availability. Multiple conne...
PT-2023-16506 · Glorylion · Jfinaloa
Name of the Vulnerable Software and Affected Versions: glorylion JFinalOA version 1.0.2 Description: A critical issue affects the processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java, where the manipulation of the id argument leads to sql injection. The attack can be...
JFinalOA SQL注入漏洞
JFinalOA is an enterprise office system based on the JFinal framework. A SQL injection vulnerability exists in JFinalOA version 1.0.2, which originates from the id parameter of the src/main/java/com/pointlion/mvc/common/model/SysOrg.java file that could lead to SQL injection...
JFinalOA SQL Injection Vulnerability
JFinalOA is an enterprise office system developed based on the JFinal framework.JFinalOA has a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL statements...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
Sql injection
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
CVE-2021-40645
glorylion JFinalOA contains an SQL injection in the defkey parameter of FlowTaskController.getHaveDoneTaskDataList. The root cause is improper handling of the defkey input, enabling arbitrary SQL execution with potential HIGH confidentiality impact. Affected versions/details are not provided in t...
SQL Injection Vulnerability in JFinalOA
JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA has a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in JFinalOA Frontend
JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA front-end SQL injection vulnerability can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in JfinalOA
JfinalOA is a set of open source office OA system development framework. JfinalOA SQL injection vulnerability , an attacker can exploit the vulnerability to obtain sensitive database information...