Vulnerabilities > Jflyfox

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-11-28 | CVE-2023-47503 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.1.0 | An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. | network, low complexity, jflyfox | critical 9.8 |
| 2023-06-16 | CVE-2023-34645 | Files or Directories Accessible to External Parties vulnerability in Jflyfox Jfinal CMS 5.1.0 | jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | network, low complexity, jflyfox, CWE-552 | 7.5 |
| 2023-04-27 | CVE-2023-30349 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.1.0 | JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | network, low complexity, jflyfox | critical 9.8 |
| 2023-02-03 | CVE-2023-22975 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 | A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html. | network, low complexity, jflyfox, CWE-79 | 6.1 |
| 2022-10-26 | CVE-2022-37202 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list. | network, low complexity, jflyfox, CWE-89 | 8.8 |
| 2022-10-13 | CVE-2022-37208 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. | network, low complexity, jflyfox, CWE-89 | 8.8 |
| 2022-09-27 | CVE-2022-37209 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 | JFinal CMS 5.1.0 is affected by: SQL Injection. | network, low complexity, jflyfox, CWE-89 | 8.8 |
| 2022-06-23 | CVE-2022-33113 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | network, jflyfox, CWE-79 | 3.5 |
| 2022-06-23 | CVE-2022-33114 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 | Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | network, low complexity, jflyfox, CWE-89 | 6.5 |
| 2022-06-02 | CVE-2022-29648 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 | A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | network, jflyfox, CWE-79 | 3.5 |