Show filters
40 Total Results
Displaying 31-40 of 40
Sort by:
Attacker Value
Unknown

CVE-2022-37199

Disclosure Date: August 23, 2022 (last updated February 24, 2025)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-34928

Disclosure Date: August 03, 2022 (last updated February 24, 2025)
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-33114

Disclosure Date: June 23, 2022 (last updated February 23, 2025)
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-33113

Disclosure Date: June 23, 2022 (last updated February 23, 2025)
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-29648

Disclosure Date: June 02, 2022 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-30500

Disclosure Date: May 26, 2022 (last updated February 23, 2025)
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-28505

Disclosure Date: May 03, 2022 (last updated February 23, 2025)
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-27111

Disclosure Date: April 11, 2022 (last updated February 23, 2025)
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-37262

Disclosure Date: December 16, 2021 (last updated February 23, 2025)
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-40639

Disclosure Date: September 15, 2021 (last updated February 23, 2025)
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous