Vulnerabilities > Jflyfox > Jfinal CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-09 | CVE-2022-38285 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. | 7.2 |
| 2022-09-09 | CVE-2022-38286 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. | 7.2 |
| 2022-08-03 | CVE-2022-34928 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | 8.8 |
| 2022-06-23 | CVE-2022-33114 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | 7.2 |
| 2022-05-03 | CVE-2022-28505 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. | 7.2 |
| 2021-12-16 | CVE-2021-37262 | Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. | 7.5 |
| 2021-09-15 | CVE-2021-40639 | Incorrect Authorization vulnerability in Jflyfox Jfinal CMS 5.1.0 Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | 7.5 |
| 2021-09-15 | CVE-2020-19150 | Path Traversal vulnerability in Jflyfox Jfinal CMS Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. | 8.1 |
| 2021-09-15 | CVE-2020-19151 | Command Injection vulnerability in Jflyfox Jfinal CMS Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | 8.8 |
| 2021-09-15 | CVE-2020-19155 | Exposure of Resource to Wrong Sphere vulnerability in Jflyfox Jfinal CMS Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | 8.8 |