Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jflyfox vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-46087
In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code.
Jflyfox Jfinal Cms
6.5
CVSSv3
CVE-2020-19146
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
Jflyfox Jfinal Cms
6.5
CVSSv3
CVE-2020-19147
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.
Jflyfox Jfinal Cms
5.4
CVSSv3
CVE-2020-19148
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
Jflyfox Jfinal Cms
8.1
CVSSv3
CVE-2020-19150
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java...
Jflyfox Jfinal Cms
8.8
CVSSv3
CVE-2020-19151
Command Injection in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
Jflyfox Jfinal Cms
6.5
CVSSv3
CVE-2020-19154
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.
Jflyfox Jfinal Cms
8.8
CVSSv3
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and previous versions allows remote malicious users to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java...
Jflyfox Jfinal Cms
7.5
CVSSv3
CVE-2021-40639
Improper access control in Jfinal CMS 5.1.0 allows malicious users to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.
Jflyfox Jfinal Cms 5.1.0
8.8
CVSSv3
CVE-2022-34928
JFinal CMS v5.1.0 exists to contain a SQL injection vulnerability via /system/user.
Jflyfox Jfinal Cms 5.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »