Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jfinal jfinal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-30500
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
Jflyfox Jfinal Cms 5.1.0
7.5
CVSSv2
CVE-2021-42242
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.
Jflyfox Jfinal Cms 5.0.1
7.5
CVSSv2
CVE-2021-31649
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
Jfinal Jfinal
6.5
CVSSv2
CVE-2022-33114
Jfinal CMS v5.1.0 exists to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
Jflyfox Jfinal Cms 5.1.0
6.5
CVSSv2
CVE-2022-28505
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
Jflyfox Jfinal Cms 5.1.0
6.5
CVSSv2
CVE-2020-19151
Command Injection in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
Jflyfox Jfinal Cms
6.5
CVSSv2
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java...
Jflyfox Jfinal Cms
5.5
CVSSv2
CVE-2020-19150
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java...
Jflyfox Jfinal Cms
5
CVSSv2
CVE-2021-37262
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
Jflyfox Jfinal Cms 5.1.0
5
CVSSv2
CVE-2021-40639
Improper access control in Jfinal CMS 5.1.0 allows malicious users to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.
Jflyfox Jfinal Cms 5.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »