Vulnerabilities > Jflyfox > Jfinal CMS > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-28 | CVE-2023-47503 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.1.0 An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. | 9.8 |
| 2023-04-27 | CVE-2023-30349 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | 9.8 |
| 2022-09-20 | CVE-2022-37204 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Final CMS 5.1.0 is vulnerable to SQL Injection. | 9.8 |
| 2022-09-19 | CVE-2022-37203 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection. | 9.8 |
| 2022-08-23 | CVE-2022-37223 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | 9.8 |
| 2022-08-23 | CVE-2022-37199 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | 9.8 |
| 2022-05-26 | CVE-2022-30500 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal cms 5.1.0 is vulnerable to SQL Injection. | 9.8 |
| 2022-05-05 | CVE-2021-42242 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.0.1 A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | 9.8 |