Vulnerabilities (CVE)

Filtered by vendor Jflyfox Subscribe
Filtered by product Jfinal Cms
Total 49 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47503 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 9.8 CRITICAL
An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.
CVE-2023-34645 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.5 HIGH
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
CVE-2023-30349 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 9.8 CRITICAL
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
CVE-2023-24747 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 5.4 MEDIUM
Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.
CVE-2023-22975 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.
CVE-2022-38286 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
CVE-2022-38285 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.
CVE-2022-38284 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.
CVE-2022-38283 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.
CVE-2022-38282 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.
CVE-2022-38281 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.
CVE-2022-38280 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.
CVE-2022-38279 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.
CVE-2022-38278 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.
CVE-2022-38277 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.
CVE-2022-38276 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.
CVE-2022-38275 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
CVE-2022-38274 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.
CVE-2022-38273 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.
CVE-2022-38272 1 Jflyfox 1 Jfinal Cms 2024-11-21 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.