CVE-2022-37209: SQL Injection
First published: Tue Sep 27 2022(Updated: )
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for JFinal CMS 5.1.0?
The vulnerability ID for JFinal CMS 5.1.0 is CVE-2022-37209.
What is the severity of CVE-2022-37209?
CVE-2022-37209 has a severity keyword of 'high' and a severity value of 8.8.
What is the affected software for CVE-2022-37209?
The affected software for CVE-2022-37209 is Jflyfox Jfinal Cms version 5.1.0.
What is the description of the vulnerability?
JFinal CMS 5.1.0 is affected by a SQL Injection vulnerability where each interface uses its own SQL concatenation method, resulting in SQL injection.
How can the SQL Injection vulnerability be exploited?
The SQL Injection vulnerability can be exploited by manipulating the SQL concatenation method used by the affected interfaces in JFinal CMS 5.1.0.
- collector/nvd-index
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0