Filtered by vendor Jflyfox Subscriptions
Total 49 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-38278 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.
CVE-2022-38279 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.
CVE-2022-38280 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.
CVE-2022-38281 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.
CVE-2022-38272 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
CVE-2022-38273 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.
CVE-2022-38274 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.
CVE-2022-38275 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
CVE-2022-38276 1 Jflyfox 1 Jfinal Cms 2022-09-13 7.2 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.
CVE-2022-36527 1 Jflyfox 1 Jfinal Cms 2022-08-27 5.4 Medium
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
CVE-2022-37223 1 Jflyfox 1 Jfinal Cms 2022-08-25 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
CVE-2022-37199 1 Jflyfox 1 Jfinal Cms 2022-08-25 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
CVE-2022-34928 1 Jflyfox 1 Jfinal Cms 2022-08-06 8.8 High
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
CVE-2021-40639 1 Jflyfox 1 Jfinal Cms 2022-07-12 7.5 High
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.
CVE-2020-19150 1 Jflyfox 1 Jfinal Cms 2022-07-12 8.1 High
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.
CVE-2020-19154 1 Jflyfox 1 Jfinal Cms 2022-07-12 6.5 Medium
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.
CVE-2022-33114 1 Jflyfox 1 Jfinal Cms 2022-06-29 7.2 High
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
CVE-2022-33113 1 Jflyfox 1 Jfinal Cms 2022-06-29 5.4 Medium
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.
CVE-2022-29648 1 Jflyfox 1 Jfinal Cms 2022-06-09 5.4 Medium
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
CVE-2022-30500 1 Jflyfox 1 Jfinal Cms 2022-06-03 9.8 Critical
Jfinal cms 5.1.0 is vulnerable to SQL Injection.