In JFinal cos prior to 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jfinal jfinal |