Filtered by vendor Jflyfox
Subscriptions
Filtered by product Jfinal Cms
Subscriptions
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38278 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list. | ||||
| CVE-2022-38279 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. | ||||
| CVE-2022-38280 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. | ||||
| CVE-2022-38281 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. | ||||
| CVE-2022-38272 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. | ||||
| CVE-2022-38273 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve. | ||||
| CVE-2022-38274 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. | ||||
| CVE-2022-38275 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. | ||||
| CVE-2022-38276 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | 7.2 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. | ||||
| CVE-2022-36527 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-27 | 5.4 Medium |
| Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. | ||||
| CVE-2022-37223 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-25 | 9.8 Critical |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | ||||
| CVE-2022-37199 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-25 | 9.8 Critical |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | ||||
| CVE-2022-34928 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-06 | 8.8 High |
| JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | ||||
| CVE-2020-19150 | 1 Jflyfox | 1 Jfinal Cms | 2022-07-12 | 8.1 High |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. | ||||
| CVE-2020-19154 | 1 Jflyfox | 1 Jfinal Cms | 2022-07-12 | 6.5 Medium |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. | ||||
| CVE-2021-40639 | 1 Jflyfox | 1 Jfinal Cms | 2022-07-12 | 7.5 High |
| Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | ||||
| CVE-2022-33114 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-29 | 7.2 High |
| Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | ||||
| CVE-2022-33113 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-29 | 5.4 Medium |
| Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | ||||
| CVE-2022-29648 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-09 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | ||||
| CVE-2022-30500 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-03 | 9.8 Critical |
| Jfinal cms 5.1.0 is vulnerable to SQL Injection. | ||||