8 matches found
CVE-2024-2568
CVE-2024-2568 affects heyewei JFinalCMS 5.0.0, specifically the Custom Data Page’s file /admin/div_data/delete?divId=9. The issue is a SQL injection caused by lack of validation of externally supplied SQL, allowing remote exploitation. Multiple connected reports confirm the vulnerability and publ...
CVE-2024-8694
CVE-2024-8694 concerns JFinalCMS where the update function at /admin/template/update in com.cms.controller.admin.TemplateController is vulnerable to path traversal via the fileName parameter. The issue can be triggered remotely, and the exploit has been disclosed publicly. Affected versions are u...
CVE-2024-8706
CVE-2024-8706 affects JFinalCMS up to 20240903, where the function update in com.cms.util.TemplateUtils exposes a path traversal in the fileName argument of /admin/template/update. This allows a remote attacker to exploit the vulnerability, with public exploits reported. The CVSS details indicate...
CVE-2024-5310
CVE-2024-5310 affects JFinalCMS up to version 20221020, with the vulnerability located in the unknown portion of the file /admin/content . The issue arises from manipulation of the Title argument, leading to Cross-Site Scripting (XSS) . Exploitation is possible remotely, and the exploit has been ...
CVE-2024-8782
CVE-2024-8782 affects JFinalCMS up to version 1.0. The flaw is in the delete function of /admin/template/edit, where manipulating the name argument enables path traversal and remote deletion of arbitrary files. Multiple sources confirm the issue, with exploitation discussed publicly. Remediation ...
CVE-2024-5379
CVE-2024-5379 is a cross-site scripting (XSS) vulnerability affecting JFinalCMS up to 20240111. The issue arises from manipulating the directory argument of the file under /admin/template , leading to XSS. The vulnerability can be exploited remotely and the exploit has been publicly disclosed. Mu...
CVE-2024-57665
The CVE-2024-57665 entry concerns JFinalCMS 1.0, where SQL Injection arises in rc/main/java/com/cms/entity/Content.java because the title parameter is user-controlled and concatenated directly into filterSql without filtering. Affects Content.java logic; impact is high (as per CVSS 3.1: Critical,...
CVE-2026-2200
CVE-2026-2200 affects heyewei JFinalCMS 5.0.0. The weakness is in the API endpoint file /admin/admin/save; input manipulation can cause cross-site scripting. Exploitation is possible remotely and public exploits exist. The provided sources do not specify a remediation or patch version.