Vulnerabilities > Jflyfox > Jfinal CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-16 | CVE-2023-34645 | Files or Directories Accessible to External Parties vulnerability in Jflyfox Jfinal CMS 5.1.0 jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | 7.5 |
| 2022-10-26 | CVE-2022-37202 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list | 8.8 |
| 2022-10-13 | CVE-2022-37208 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection. | 8.8 |
| 2022-09-27 | CVE-2022-37209 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is affected by: SQL Injection. | 8.8 |
| 2022-05-26 | CVE-2022-30500 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal cms 5.1.0 is vulnerable to SQL Injection. | 7.5 |
| 2022-05-05 | CVE-2021-42242 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.0.1 A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | 7.5 |
| 2021-09-15 | CVE-2020-19155 | Exposure of Resource to Wrong Sphere vulnerability in Jflyfox Jfinal CMS Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | 8.8 |