Vulnerabilities > Jfinalcms Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-49397 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. | 8.8 |
| 2023-12-05 | CVE-2023-49398 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. | 8.8 |
| 2023-12-05 | CVE-2023-49446 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. | 8.8 |
| 2023-12-05 | CVE-2023-49447 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. | 8.8 |
| 2023-12-05 | CVE-2023-49448 | Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. | 8.8 |
| 2023-09-19 | CVE-2023-41599 | Path Traversal vulnerability in Jfinalcms Project Jfinalcms 5.0.0 An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. | 5.3 |
| 2022-04-22 | CVE-2022-27341 | SQL Injection vulnerability in Jfinalcms Project Jfinalcms 2.0 JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. | 9.8 |