CVE-2022-38272: SQL Injection
First published: Fri Sep 09 2022(Updated: )
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of JFinal CMS 5.1.0 vulnerability?
The vulnerability ID is CVE-2022-38272.
What is the severity level of CVE-2022-38272?
The severity level of CVE-2022-38272 is high with a severity value of 7.2.
How does CVE-2022-38272 affect JFinal CMS 5.1.0?
CVE-2022-38272 allows SQL Injection via the /admin/article/list endpoint in JFinal CMS 5.1.0.
Is there a fix available for CVE-2022-38272 in JFinal CMS 5.1.0?
Currently, there is no official fix available for CVE-2022-38272 in JFinal CMS 5.1.0. It is recommended to update to a patched version or apply a workaround.
Where can I find more information about CVE-2022-38272?
You can find more information about CVE-2022-38272 at the following link: https://github.com/jflyfox/jfinal_cms/issues/51
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0