CVE-2022-34928: SQL Injection
First published: Wed Aug 03 2022(Updated: )
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability in JFinal CMS v5.1.0?
The vulnerability ID for this vulnerability in JFinal CMS v5.1.0 is CVE-2022-34928.
What is the severity of CVE-2022-34928?
The severity of CVE-2022-34928 is high with a score of 8.8.
How does CVE-2022-34928 affect JFinal CMS v5.1.0?
CVE-2022-34928 affects JFinal CMS v5.1.0 by allowing an attacker to perform SQL injection via the /system/user endpoint.
How can I fix the SQL injection vulnerability in JFinal CMS v5.1.0?
To fix the SQL injection vulnerability in JFinal CMS v5.1.0, it is recommended to update to a patched version provided by the vendor.
Where can I find more information about CVE-2022-34928?
More information about CVE-2022-34928 can be found at the following reference link: [GitHub - jflyfox/jfinal_cms/issues/43](https://github.com/jflyfox/jfinal_cms/issues/43).
- collector/nvd-index
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0