Vulnerabilities > Jflyfox

DATE CVE VULNERABILITY TITLE RISK
2022-09-09 CVE-2022-38279 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.
network
low complexity
jflyfox CWE-89
7.2
2022-09-09 CVE-2022-38280 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.
network
low complexity
jflyfox CWE-89
7.2
2022-09-09 CVE-2022-38281 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.
network
low complexity
jflyfox CWE-89
7.2
2022-09-09 CVE-2022-38282 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.
network
low complexity
jflyfox CWE-89
7.2
2022-09-09 CVE-2022-38283 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.
network
low complexity
jflyfox CWE-89
7.2
2022-09-09 CVE-2022-38284 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.
network
low complexity
jflyfox CWE-89
7.2
2022-09-09 CVE-2022-38285 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.
network
low complexity
jflyfox CWE-89
7.2
2022-09-09 CVE-2022-38286 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
network
low complexity
jflyfox CWE-89
7.2
2022-08-25 CVE-2022-36527 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
network
low complexity
jflyfox CWE-79
5.4
2022-08-23 CVE-2022-37223 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
network
low complexity
jflyfox CWE-89
critical
9.8