CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19155
https://notcve.org/view.php?id=CVE-2020-19155
15 Sep 2021 — Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. Un control de acceso inapropiado en Jfinal CMS versiones v4.7.1 y anteriores, permite a atacantes remotos conseguir información confidencial y/o ejecutar código arbitrario por medio de la función "FileManager.rename()" en el componente "modules/filemanager/FileM... • https://cwe.mitre.org/data/definitions/73.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19154
https://notcve.org/view.php?id=CVE-2020-19154
15 Sep 2021 — Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. Un control de acceso inapropiado en Jfinal CMS versiones v4.7.1 y anteriores, permite a atacantes remotos conseguir información confidencial por medio de la función "FileManager.editFile()" en el componente "modules/filemanager/FileManagerController.java" • https://www.seebug.org/vuldb/ssvid-97882 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19151
https://notcve.org/view.php?id=CVE-2020-19151
15 Sep 2021 — Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. Una inyección de comandos en Jfinal CMS versiones v4.7.1 y anteriores, permite a atacantes remotos ejecutar código arbitrario cargando un archivo de plantilla HTML malicioso por medio del componente "jfinal_cms/admin/filemanager/list" • https://www.seebug.org/vuldb/ssvid-97881 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19148
https://notcve.org/view.php?id=CVE-2020-19148
15 Sep 2021 — Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Jfinal CMS versiones v4.7.1 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio del parámetro "Nickname" en el componente "/jfinal_cms/front/person/profile.html" • https://www.seebug.org/vuldb/ssvid-97879 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19150
https://notcve.org/view.php?id=CVE-2020-19150
15 Sep 2021 — Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. Un control de acceso inapropiado en Jfinal CMS versiones v4.7.1 y anteriores, permite a atacantes remotos conseguir información confidencial o causar una denegación de servicio por medio de la función "FileManager.delete()" en el componente "modules/filemanager/F... • https://www.seebug.org/vuldb/ssvid-97885 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19147
https://notcve.org/view.php?id=CVE-2020-19147
15 Sep 2021 — Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. Un control de acceso inapropiado en Jfinal CMS versiones v4.7.1 y anteriores, permite a atacantes remotos conseguir información confidencial por medio de la función "getFolder()" en el componente "/modules/filemanager/FileManager.java" • https://www.seebug.org/vuldb/ssvid-97883 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19146
https://notcve.org/view.php?id=CVE-2020-19146
15 Sep 2021 — Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. Un control de acceso inapropiado en Jfinal CMS versiones v4.7.1 y anteriores, permite a atacantes remotos conseguir información confidencial por medio del parámetro "TemplatePath" en el componente "jfinal_cms/admin/folder/list" • https://www.seebug.org/vuldb/ssvid-97884 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •