Vulnerabilities > Jflyfox > Jfinal CMS

DATE CVE VULNERABILITY TITLE RISK
2022-05-26 CVE-2022-30500 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
network
low complexity
jflyfox CWE-89
7.5
2022-05-05 CVE-2021-42242 Unspecified vulnerability in Jflyfox Jfinal CMS 5.0.1
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.
network
low complexity
jflyfox
7.5
2022-05-03 CVE-2022-28505 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
network
low complexity
jflyfox CWE-89
6.5
2022-04-11 CVE-2022-27111 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
network
jflyfox CWE-79
3.5
2022-01-25 CVE-2021-46087 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0
In jfinal_cms >= 5.1.0, there is a stored XSS vulnerability in the background system of the CMS.
network
jflyfox CWE-79
3.5
2021-12-16 CVE-2021-37262 Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
network
low complexity
jflyfox CWE-74
5.0
2021-09-15 CVE-2021-40639 Incorrect Authorization vulnerability in Jflyfox Jfinal CMS 5.1.0
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.
network
low complexity
jflyfox CWE-863
5.0
2021-09-15 CVE-2020-19146 Path Traversal vulnerability in Jflyfox Jfinal CMS
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
network
low complexity
jflyfox CWE-22
4.0
2021-09-15 CVE-2020-19147 Path Traversal vulnerability in Jflyfox Jfinal CMS
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.
network
low complexity
jflyfox CWE-22
4.0
2021-09-15 CVE-2020-19148 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
network
jflyfox CWE-79
3.5