Latest jflyfox jfinal cms Vulnerabilities

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.
Jflyfox Jfinal Cms=5.1.0
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
Jflyfox Jfinal Cms=5.1.0
maven/com.jflyfox:jflyfox_jfinal<=5.1.0
Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.
Jflyfox Jfinal Cms=5.1
A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/pr...
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.
Jflyfox Jfinal Cms=5.1.0
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
Jflyfox Jfinal Cms=5.1.0
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
Jflyfox Jfinal Cms=5.1.0
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.
Jflyfox Jfinal Cms=5.1.0
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
Jflyfox Jfinal Cms=5.1.0
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
Jflyfox Jfinal Cms=5.1.0
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
Jflyfox Jfinal Cms=5.1.0
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.
Jflyfox Jfinal Cms=5.0.1
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
Jflyfox Jfinal Cms=5.1.0
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
Jflyfox Jfinal Cms=5.1.0
In jfinal_cms >= 5.1.0, there is a stored XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background...
Jflyfox Jfinal Cms>=5.1.0
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
Jflyfox Jfinal Cms=5.1.0
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileMan...
Jflyfox Jfinal Cms<=4.7.1
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
Jflyfox Jfinal Cms<=4.7.1
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component ...
Jflyfox Jfinal Cms<=4.7.1
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'...
Jflyfox Jfinal Cms<=4.7.1
