Lucene search

K
JflyfoxJfinal Cms

8 matches found

cve
cve
added 2022/08/23 1:15 p.m.75 views

CVE-2022-37199

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.

9.8CVSS9.8AI score0.00077EPSS
cve
cve
added 2022/08/23 2:15 p.m.74 views

CVE-2022-37223

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.

9.8CVSS9.8AI score0.00077EPSS
cve
cve
added 2022/05/26 4:15 p.m.68 views

CVE-2022-30500

Jfinal cms 5.1.0 is vulnerable to SQL Injection.

9.8CVSS9.6AI score0.00233EPSS
cve
cve
added 2022/05/05 1:15 p.m.61 views

CVE-2021-42242

A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.

9.8CVSS9.5AI score0.02445EPSS
cve
cve
added 2022/09/20 5:15 p.m.39 views

CVE-2022-37204

Final CMS 5.1.0 is vulnerable to SQL Injection.

9.8CVSS9.6AI score0.00463EPSS
cve
cve
added 2022/09/19 4:15 p.m.37 views

CVE-2022-37203

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

9.8CVSS9.8AI score0.00537EPSS
cve
cve
added 2023/04/27 2:15 p.m.37 views

CVE-2023-30349

JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.

9.8CVSS9.8AI score0.02779EPSS
cve
cve
added 2023/11/28 2:15 a.m.25 views

CVE-2023-47503

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.

9.8CVSS9.5AI score0.01289EPSS