CVE-2022-38282: SQL Injection
First published: Fri Sep 09 2022(Updated: )
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-38282?
CVE-2022-38282 is a vulnerability in JFinal CMS 5.1.0 that allows SQL Injection via the /admin/videoalbum/list endpoint.
How severe is CVE-2022-38282?
CVE-2022-38282 has a severity rating of 7.2 (High).
How does the SQL Injection vulnerability occur in JFinal CMS 5.1.0?
The SQL Injection vulnerability occurs in JFinal CMS 5.1.0 due to insufficient sanitization of user-supplied input in the /admin/videoalbum/list endpoint.
How can I fix CVE-2022-38282?
To fix CVE-2022-38282, it is recommended to update JFinal CMS to a version that includes a patch for the vulnerability. Be sure to validate and sanitize user input to prevent SQL Injection attacks.
Where can I find more information about CVE-2022-38282?
You can find more information about CVE-2022-38282 at this reference link: https://github.com/jflyfox/jfinal_cms/issues/52
- collector/nvd-index
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0