📦 Jfinal Cms

by Jflyfox

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-53477

CRITICAL CVSS 9.8 Dec 2, 2024

JFinal CMS 5.1.0 contains a deserialization vulnerability in ApiForm.java that allows unauthenticated attackers to execute arbitrary commands on the server. This affects all systems running the vulner...

CVE-2023-47503

CRITICAL CVSS 9.8 Nov 28, 2023

This vulnerability allows remote attackers to execute arbitrary code on jfinalCMS systems through a crafted script in the login.jsp template management component. It affects all organizations running ...

CVE-2023-30349

CRITICAL CVSS 9.8 Apr 27, 2023

JFinal CMS v5.1.0 contains a critical remote code execution vulnerability in the ActionEnter function that allows attackers to execute arbitrary code on affected systems. This affects all deployments ...

CVE-2022-30500

CRITICAL CVSS 9.8 May 26, 2022

CVE-2022-30500 is a SQL injection vulnerability in Jfinal CMS 5.1.0 that allows attackers to execute arbitrary SQL commands through crafted inputs. This affects all deployments running the vulnerable ...

CVE-2021-42242

CRITICAL CVSS 9.8 May 5, 2022

CVE-2021-42242 is a critical remote code execution vulnerability in jfinal_cms 5.0.1 that allows attackers to execute arbitrary commands on affected systems via the Ueditor component. This affects all...

CVE-2023-34645

HIGH CVSS 7.5 Jun 16, 2023

CVE-2023-34645 is an arbitrary file read vulnerability in jfinal CMS 5.1.0 that allows attackers to read sensitive files from the server filesystem. This affects all deployments running the vulnerable...

CVE-2022-33114

HIGH CVSS 7.2 Jun 23, 2022

CVE-2022-33114 is a SQL injection vulnerability in Jfinal CMS v5.1.0 that allows attackers to execute arbitrary SQL commands via the attrVal parameter in the /jfinal_cms/system/dict/list endpoint. Thi...

CVE-2021-37262

HIGH CVSS 7.5 Dec 16, 2021

CVE-2021-37262 is a regex injection vulnerability in JFinal_cms 5.1.0 that allows attackers to craft malicious regular expressions, causing excessive CPU consumption and denial of service. This affect...

CVE-2021-40639

HIGH CVSS 7.5 Sep 15, 2021

This vulnerability in Jfinal CMS 5.1.0 allows attackers to bypass access controls and access sensitive configuration files containing database credentials and system settings. Any organization running...