CVE-2022-37207: SQL Injection
First published: Thu Sep 15 2022(Updated: )
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-37207?
The severity of CVE-2022-37207 is high.
What is the affected software version of CVE-2022-37207?
The affected software version of CVE-2022-37207 is JFinal CMS 5.1.0.
What is the CWE category of CVE-2022-37207?
The CWE category of CVE-2022-37207 is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).
How does CVE-2022-37207 impact JFinal CMS?
CVE-2022-37207 impacts JFinal CMS by allowing SQL injection attacks due to improper handling of user input.
How can I fix CVE-2022-37207?
To fix CVE-2022-37207, it is recommended to update to a patched version of JFinal CMS that addresses the SQL injection vulnerability.
- collector/nvd-index
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0