Product:

Jfinal_cms

(Jflyfox)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 49
Date Id Summary Products Score Patch Annotated
2022-09-20 CVE-2022-37204 Final CMS 5.1.0 is vulnerable to SQL Injection. Jfinal_cms 9.8
2022-09-20 CVE-2022-37205 JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. Jfinal_cms 8.8
2022-09-27 CVE-2022-37209 JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. Jfinal_cms 8.8
2022-10-13 CVE-2022-37208 JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. Jfinal_cms 8.8
2022-10-26 CVE-2022-37202 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list Jfinal_cms 8.8
2023-04-05 CVE-2023-24747 Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. Jfinal_cms 5.4
2023-04-27 CVE-2023-30349 JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. Jfinal_cms 9.8
2023-06-16 CVE-2023-34645 jfinal CMS 5.1.0 has an arbitrary file read vulnerability. Jfinal_cms 7.5
2021-09-15 CVE-2020-19146 Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. Jfinal_cms 6.5
2021-09-15 CVE-2020-19147 Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. Jfinal_cms 6.5