CVE-2023-30349
First published: Thu Apr 27 2023(Updated: )
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 | |
| maven/com.jflyfox:jflyfox_jfinal | <=5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-30349?
The severity of CVE-2023-30349 is critical with a CVSS score of 9.8.
How can I exploit the remote code execution vulnerability in JFinal CMS v5.1.0?
We do not provide guidance or support for exploiting vulnerabilities. It is recommended to report the vulnerability to the software vendor or follow responsible disclosure practices.
How can I fix the remote code execution vulnerability in JFinal CMS v5.1.0?
Apply the latest security patch or update provided by the software vendor to fix the remote code execution vulnerability in JFinal CMS v5.1.0.
Is there a known workaround for CVE-2023-30349?
There is currently no known workaround for CVE-2023-30349. It is recommended to apply the official patch or update.
Where can I find more information about CVE-2023-30349?
You can find more information about CVE-2023-30349 from the reference link: https://github.com/jflyfox/jfinal_cms/issues/54
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-8qhm-ch8h-xgjr
- alias/CVE-2023-30349
- collector/nvd-cve
- collector/github-advisory
- agent/type
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0
- package-manager/maven