Vulnerabilities > Jflyfox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-09 | CVE-2022-38279 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. | 7.2 |
| 2022-09-09 | CVE-2022-38280 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. | 7.2 |
| 2022-09-09 | CVE-2022-38281 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. | 7.2 |
| 2022-09-09 | CVE-2022-38282 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. | 7.2 |
| 2022-09-09 | CVE-2022-38283 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. | 7.2 |
| 2022-09-09 | CVE-2022-38284 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list. | 7.2 |
| 2022-09-09 | CVE-2022-38285 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. | 7.2 |
| 2022-09-09 | CVE-2022-38286 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. | 7.2 |
| 2022-08-25 | CVE-2022-36527 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. | 5.4 |
| 2022-08-23 | CVE-2022-37223 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | 9.8 |