Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jfinal jfinal vulnerabilities and exploits
(subscribe to this query)
384
VMScore
CVE-2021-33348
An issue exists in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.
Jfinal Jfinal
668
VMScore
CVE-2021-31649
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
Jfinal Jfinal
445
VMScore
CVE-2019-17352
In JFinal cos prior to 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain ...
Jfinal Jfinal
NA
CVE-2021-31635
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote malicious user to execute arbitrary code via the template function.
Jfinal Jfinal 4.9.08
312
VMScore
CVE-2021-46087
In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code.
Jflyfox Jfinal Cms
356
VMScore
CVE-2020-19146
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
Jflyfox Jfinal Cms
490
VMScore
CVE-2020-19150
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java...
Jflyfox Jfinal Cms
578
VMScore
CVE-2020-19151
Command Injection in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
Jflyfox Jfinal Cms
356
VMScore
CVE-2020-19147
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.
Jflyfox Jfinal Cms
312
VMScore
CVE-2020-19148
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
Jflyfox Jfinal Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »