Vulnerabilities > Jfinalcms Project > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-16 CVE-2024-40322 SQL Injection vulnerability in Jfinalcms Project Jfinalcms 5.0.0
An issue was discovered in JFinalCMS v.5.0.0.
network
low complexity
jfinalcms-project CWE-89
8.8
8.8
2023-12-10 CVE-2023-50449 Path Traversal vulnerability in Jfinalcms Project Jfinalcms 5.0.0
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
network
low complexity
jfinalcms-project CWE-22
7.5
7.5
2023-12-05 CVE-2023-49372 Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
network
low complexity
jfinalcms-project CWE-352
8.8
8.8
2023-12-05 CVE-2023-49373 Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
network
low complexity
jfinalcms-project CWE-352
8.8
8.8
2023-12-05 CVE-2023-49374 Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
network
low complexity
jfinalcms-project CWE-352
8.8
8.8
2023-12-05 CVE-2023-49375 Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
network
low complexity
jfinalcms-project CWE-352
8.8
8.8
2023-12-05 CVE-2023-49376 Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
network
low complexity
jfinalcms-project CWE-352
8.8
8.8
2023-12-05 CVE-2023-49377 Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
network
low complexity
jfinalcms-project CWE-352
8.8
8.8
2023-12-05 CVE-2023-49378 Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
network
low complexity
jfinalcms-project CWE-352
8.8
8.8
2023-12-05 CVE-2023-49379 Cross-Site Request Forgery (CSRF) vulnerability in Jfinalcms Project Jfinalcms 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
network
low complexity
jfinalcms-project CWE-352
8.8
8.8