Lucene search
K
HeyeweiJfinalcms

8 matches found

CVE
CVE
added 2024/03/17 11:0 p.m.79 views

CVE-2024-2568

CVE-2024-2568 affects heyewei JFinalCMS 5.0.0, specifically the Custom Data Page’s file /admin/div_data/delete?divId=9. The issue is a SQL injection caused by lack of validation of externally supplied SQL, allowing remote exploitation. Multiple connected reports confirm the vulnerability and publ...

7.2CVSS5.2AI score0.00698EPSS
Web
CVE
CVE
added 2024/09/11 9:0 p.m.69 views

CVE-2024-8694

CVE-2024-8694 concerns JFinalCMS where the update function at /admin/template/update in com.cms.controller.admin.TemplateController is vulnerable to path traversal via the fileName parameter. The issue can be triggered remotely, and the exploit has been disclosed publicly. Affected versions are u...

5.1CVSS4.3AI score0.00792EPSS
Web
CVE
CVE
added 2024/09/11 11:31 p.m.66 views

CVE-2024-8706

CVE-2024-8706 affects JFinalCMS up to 20240903, where the function update in com.cms.util.TemplateUtils exposes a path traversal in the fileName argument of /admin/template/update. This allows a remote attacker to exploit the vulnerability, with public exploits reported. The CVSS details indicate...

6.5CVSS4.7AI score0.00749EPSS
Web
CVE
CVE
added 2024/05/24 9:0 a.m.63 views

CVE-2024-5310

CVE-2024-5310 affects JFinalCMS up to version 20221020, with the vulnerability located in the unknown portion of the file /admin/content . The issue arises from manipulation of the Title argument, leading to Cross-Site Scripting (XSS) . Exploitation is possible remotely, and the exploit has been ...

5.4CVSS3.4AI score0.00364EPSS
Web
CVE
CVE
added 2024/09/13 6:0 p.m.59 views

CVE-2024-8782

CVE-2024-8782 affects JFinalCMS up to version 1.0. The flaw is in the delete function of /admin/template/edit, where manipulating the name argument enables path traversal and remote deletion of arbitrary files. Multiple sources confirm the issue, with exploitation discussed publicly. Remediation ...

9.8CVSS6.8AI score0.00725EPSS
CVE
CVE
added 2024/05/26 10:0 p.m.57 views

CVE-2024-5379

CVE-2024-5379 is a cross-site scripting (XSS) vulnerability affecting JFinalCMS up to 20240111. The issue arises from manipulating the directory argument of the file under /admin/template , leading to XSS. The vulnerability can be exploited remotely and the exploit has been publicly disclosed. Mu...

5.4CVSS3.7AI score0.00368EPSS
Web
CVE
CVE
added 2025/01/29 12:0 a.m.55 views

CVE-2024-57665

The CVE-2024-57665 entry concerns JFinalCMS 1.0, where SQL Injection arises in rc/main/java/com/cms/entity/Content.java because the title parameter is user-controlled and concatenated directly into filterSql without filtering. Affects Content.java logic; impact is high (as per CVSS 3.1: Critical,...

9.8CVSS7.6AI score0.00477EPSS
CVE
CVE
added 2026/02/09 1:2 a.m.14 views

CVE-2026-2200

CVE-2026-2200 affects heyewei JFinalCMS 5.0.0. The weakness is in the API endpoint file /admin/admin/save; input manipulation can cause cross-site scripting. Exploitation is possible remotely and public exploits exist. The provided sources do not specify a remediation or patch version.

4.8CVSS3.2AI score0.00223EPSS