Show filters
49 Total Results
Displaying 21-30 of 49
Sort by:
Attacker Value
Unknown

CVE-2022-38279

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38278

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38277

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38276

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38275

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38274

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38273

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38272

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-36527

Disclosure Date: August 25, 2022 (last updated February 24, 2025)
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-37223

Disclosure Date: August 23, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >