
26 matches found

RedhatCVE
added 2026/06/09 2:58 a.m. · 13 views

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00204
Exploits 0 · References 1

NVD
added 2026/06/08 1:16 a.m. · 10 views

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

CVSS 6.5 · EPSS 0.00204
Exploits 0 · References 6

ATTACKERKB
added 2026/06/08 12:45 a.m. · 6 views

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00204
Exploits 0 · References 7 · Affected Software 1

EUVD
added 2026/06/08 12:45 a.m. · 11 views

EUVD-2026-35004

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00204
Exploits 0 · References 6

Cvelist
added 2026/06/08 12:45 a.m. · 40 views

CVE-2026-11473 jflyfox jfinal_cms AdvicefeedbackController.java list sql injection

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

CVSS 6.5 · EPSS 0.00204
Exploits 0 · References 6

CVE
added 2026/06/08 12:45 a.m. · 22 views

CVE-2026-11473

The CVE concerns jflyfox jfinal_cms (versions up to 5.1.0). The vulnerability is in AdvicefeedbackController.java list functionality, where improper handling of the orderBy argument enables SQL injection. This can be exploited remotely. The issue was reported early via an issue and no public resp...

CVSS 6.5 · AI score 6.5 · EPSS 0.00204
Exploits 0 · References 6

CNNVD
added 2026/06/08 12:0 a.m. · 8 views

jflyfox jfinal_cms injection vulnerability

jflyfox jfinalcms is a powerful information consulting website developed by jflyfox as open source. It uses the concise and robust JFinal as the web framework, Beetl as the template engine, MySQL as the database, and the Bootstrap framework for the front end. Versions of jflyfox jfinalcms 5.1.0 a...

CVSS 6.5 · AI score 6.6 · EPSS 0.00204
Exploits 0 · References 1

Positive Technologies
added 2026/06/08 12:0 a.m. · 10 views

PT-2026-47205

A vulnerability was identified in jflyfox jfinal cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through ...

CVSS 6.5 · AI score 6.5 · EPSS 0.00204
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-18363

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 4.9 · EPSS 0.00263
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-51614

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.4 · EPSS 0.01273
Exploits 1 · References 1

RedhatCVE
added 2025/06/18 4:13 a.m. · 9 views

CVE-2025-6105

A vulnerability has been found in jflyfox jfinalcms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 5.3 · AI score 4.6 · EPSS 0.00263
Exploits 1 · References 1

NVD
added 2025/06/16 5:15 a.m. · 12 views

CVE-2025-6105

A vulnerability has been found in jflyfox jfinalcms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 8.8 · EPSS 0.00263
Exploits 1 · References 4

OSV
added 2025/06/16 5:15 a.m. · 3 views

CVE-2025-6105

A vulnerability has been found in jflyfox jfinalcms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 8.8 · AI score 4.4
Exploits 0 · References 4

Vulnrichment
added 2025/06/16 4:0 a.m. · 4 views

CVE-2025-6105 jflyfox jfinal_cms HOME.java cross-site request forgery

A vulnerability has been found in jflyfox jfinalcms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 5.3 · AI score 7 · EPSS 0.00263
Exploits 1 · References 4

Cvelist
added 2025/06/16 4:0 a.m. · 14 views

CVE-2025-6105 jflyfox jfinal_cms HOME.java cross-site request forgery

A vulnerability has been found in jflyfox jfinalcms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 5.3 · EPSS 0.00263
Exploits 1 · References 4

CVE
added 2025/06/16 4:0 a.m. · 30 views

CVE-2025-6105

CVE-2025-6105 affects jflyfox jfinal_cms 5.0.1. The vulnerability is a cross-site request forgery in the HOME.java Logout argument, allowing remote abuse and potentially unauthorized operations. Exploitation is publicly disclosed; vendor response is noted as absent in the sources. Connected docum...

CVSS 8.8 · AI score 4.7 · EPSS 0.00263
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2025/06/16 12:0 a.m. · 5 views

PT-2025-25516 · Jflyfox · Jfinalcms

Name of the Vulnerable Software and Affected Versions: jflyfox jfinal cms version 5.0.1 Description: A cross-site request forgery issue has been identified, affecting the HOME.java file. The manipulation of the Logout argument can lead to this issue. The attack can be initiated remotely...

CVSS 5.3 · AI score 4.4 · EPSS 0.00263
Exploits 1 · References 8

CNNVD
added 2025/06/16 12:0 a.m. · 3 views

jflyfox jfinal_cms security vulnerability

jflyfox jfinalcms is an open-source CMS from jflyfox: a powerful information consulting website developed in Java, using the simple and powerful JFinal as the web framework, Beetl as the template engine, MySQL as the database, and the Bootstrap framework for the front end. Supports OAuth2 authentication...

CVSS 8.8 · AI score 4.9 · EPSS 0.00263
Exploits 1 · References 5

RedhatCVE
added 2025/05/23 1:58 a.m. · 9 views

CVE-2023-47503

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module...

CVSS 9.8 · AI score 7.8 · EPSS 0.01273
Exploits 1 · References 1

ATTACKERKB
added 2023/11/28 2:15 a.m. · 0 views

CVE-2023-47503

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module...

CVSS 9.8 · AI score 7.7 · EPSS 0.01273
Exploits 1 · References 2