Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

NVD
NVDadded 8 hours ago4 views

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS
Exploits0References6
Cvelist
Cvelistadded 8 hours ago7 views

CVE-2026-11473 jflyfox jfinal_cms AdvicefeedbackController.java list sql injection

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS
Exploits0References6
CVE
CVEadded 8 hours ago13 views

CVE-2026-11473

The CVE concerns jflyfox jfinal_cms (versions up to 5.1.0). The vulnerability is in AdvicefeedbackController.java list functionality, where improper handling of the orderBy argument enables SQL injection. This can be exploited remotely. The issue was reported early via an issue and no public resp...

6.5CVSS6.5AI score
Exploits0References6
ATTACKERKB
ATTACKERKBadded 8 hours ago3 views

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS6.5AI score
Exploits0References7Affected Software1
EUVD
EUVDadded 8 hours ago6 views

EUVD-2026-35004

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS6.5AI score
Exploits0References6
Positive Technologies
Positive Technologiesadded 9 hours ago5 views

PT-2026-47205

A vulnerability was identified in jflyfox jfinal cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through ...

6.5CVSS6.5AI score
Exploits0References7
OSV
OSVadded 2025/06/16 5:15 a.m.1 views

CVE-2025-6105

A vulnerability has been found in jflyfox jfinalcms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed...

8.8CVSS4.4AI score
Exploits0References4
CNNVD
CNNVDadded 2025/06/16 12:0 a.m.1 views

jflyfox jfinal_cms 安全漏洞

jflyfox jfinalcms is jflyfox open source a jfinal cms is a java development of a powerful information consulting website , using a simple and powerful JFinal as a web framework , the template engine with beetl, the database with mysql, front-end bootstrap framework . Support oauth2 authentication...

8.8CVSS4.9AI score0.00154EPSS
Exploits1References5
Github Security Blog
Github Security Blogadded 2022/08/24 12:0 a.m.22 views

SQL injection in jflyfox jfinal

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinalcms/system/role/list...

9.8CVSS9.7AI score0.00245EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder