CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47503
https://notcve.org/view.php?id=CVE-2023-47503
28 Nov 2023 — An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. Un problema en jflyfox jfinalCMS v.5.1.0 permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado en el componente login.jsp en el módulo de administración de plantillas. • https://github.com/jflyfox/jfinal_cms/issues/58 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34645
https://notcve.org/view.php?id=CVE-2023-34645
16 Jun 2023 — jfinal CMS 5.1.0 has an arbitrary file read vulnerability. Jfinal CMS v5.1.0 tiene una vulnerabilidad de lectura arbitraria de archivos. • https://github.com/jflyfox/jfinal_cms/issues/57 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-30349
https://notcve.org/view.php?id=CVE-2023-30349
27 Apr 2023 — JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. • https://github.com/jflyfox/jfinal_cms/issues/54 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24747
https://notcve.org/view.php?id=CVE-2023-24747
05 Apr 2023 — Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. • https://gist.github.com/Threonic/a262c19ed5027e5a7fe0b97b62b10a08 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22975
https://notcve.org/view.php?id=CVE-2023-22975
03 Feb 2023 — A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html. • https://github.com/jflyfox/jfinal_cms/issues/53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 3CVE-2022-37202
https://notcve.org/view.php?id=CVE-2022-37202
26 Oct 2022 — JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list JFinal CMS versión 5.1.0, es vulnerable a una inyección SQL por medio de /admin/advicefeedback/list • https://github.com/AgainstTheLight/CVE-2022-37202 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-37208
https://notcve.org/view.php?id=CVE-2022-37208
13 Oct 2022 — JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. JFinal CMS versión 5.1.0, es vulnerable a una inyección SQL. Estas interfaces no usan el mismo componente, ni presentan filtros, sino que cada una usa su propio método de concatenación SQL, resultando en una inyección SQL • https://github.com/AgainstTheLight/CVE-2022-37208 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 3CVE-2022-37209
https://notcve.org/view.php?id=CVE-2022-37209
27 Sep 2022 — JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. JFinal CMS versión 5.1.0, está afectado por: Inyección SQL. Estas interfaces no usan el mismo componente, ni presentan filtros, sino que cada una usa su propio método de concatenación SQL, resultando en una inyección SQL • https://github.com/AgainstTheLight/CVE-2022-37209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-37205
https://notcve.org/view.php?id=CVE-2022-37205
20 Sep 2022 — JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. JFinal CMS versión 5.1.0 está afectado por: Inyección SQL. Estas interfaces no usan el mismo componente, ni presentan filtros, sino que cada una usa su propio método de concatenación SQL, resultando en una inyección SQL • https://github.com/AgainstTheLight/CVE-2022-37205 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-37204
https://notcve.org/view.php?id=CVE-2022-37204
20 Sep 2022 — Final CMS 5.1.0 is vulnerable to SQL Injection. Final CMS versión 5.1.0, es vulnerable a una inyección SQL • https://github.com/AgainstTheLight/CVE-2022-37204 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •