CVE-2022-33114: SQL Injection
First published: Thu Jun 23 2022(Updated: )
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Jfinal CMS v5.1.0?
The vulnerability ID for Jfinal CMS v5.1.0 is CVE-2022-33114.
What is the severity of CVE-2022-33114?
The severity of CVE-2022-33114 is high with a CVSS score of 7.2.
How does the SQL injection vulnerability in Jfinal CMS v5.1.0 work?
The SQL injection vulnerability in Jfinal CMS v5.1.0 occurs when the attrVal parameter is not properly sanitized, allowing an attacker to inject malicious SQL statements.
How can I fix the SQL injection vulnerability in Jfinal CMS v5.1.0?
To fix the SQL injection vulnerability in Jfinal CMS v5.1.0, it is recommended to update to a patched version of the software or apply any available security patches.
Where can I find more information about CVE-2022-33114?
You can find more information about CVE-2022-33114 on the GitHub issue page: https://github.com/jflyfox/jfinal_cms/issues/38.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/tags
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0