3 matches found
CVE-2024-12350
The CVE-2024-12350 entry concerns JFinalCMS 1.0, specifically the Template Handler’s update function in TemplateController.java. The vulnerability stems from manipulation of the content argument, enabling a command injection that can be triggered remotely, with exploits disclosed publicly. Remedi...
CVE-2024-12349
CVE-2024-12349 affects JFinalCMS 1.0. The vulnerability is a cross-site request forgery in the /admin/tag/save endpoint, enabling remote exploitation. The issue stems from insufficient verification of the requester, with exploit information publicly disclosed. Connected sources corroborate CSRF i...
CVE-2024-12351
CVE-2024-12351 affects JFinalCMS 1.0 in the File Content Handler (ContentModel.java findPage). The root cause is manipulation of the argument name that leads to an SQL injection, allowing remote exploitation. Public references describe the issue as critical with high impact to confidentiality, in...