Vulnerabilities > Jfinaloa Project > Jfinaloa > High

DATE CVE VULNERABILITY TITLE RISK
2025-01-16 CVE-2024-57769 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8
2025-01-16 CVE-2024-57770 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8
2025-01-16 CVE-2024-57775 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8