Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

jflyfox vulnerabilities and exploits

(subscribe to this query)

5.4
CVSSv3
CVE-2020-19148
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'....
Jflyfox Jfinal Cms
5.4
CVSSv3
CVE-2022-27111
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it....
Jflyfox Jfinal Cms 5.1.0
6.5
CVSSv3
CVE-2020-19147
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'....
Jflyfox Jfinal Cms
8.8
CVSSv3
CVE-2020-19151
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'....
Jflyfox Jfinal Cms
7.5
CVSSv3
CVE-2021-37262
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service....
Jflyfox Jfinal Cms 5.1.0
9.8
CVSSv3
CVE-2021-42242
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor....
Jflyfox Jfinal Cms 5.0.1
5.4
CVSSv3
CVE-2021-46087
In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code....
Jflyfox Jfinal Cms
8.8
CVSSv3
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'....
Jflyfox Jfinal Cms
6.5
CVSSv3
CVE-2020-19146
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'....
Jflyfox Jfinal Cms
9.8
CVSSv3
CVE-2022-30500
Jfinal cms 5.1.0 is vulnerable to SQL Injection....
Jflyfox Jfinal Cms 5.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-2617CVE-2022-28627unauthorizedbrute forceCVE-2021-43908CVE-2021-29112cameraCVE-2022-28632CVE-2022-34713
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook