Jfinal Cms

jfinal_cms

Vendor: Jflyfox • 51 CVEs

CVEs (51)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-6105 1Jflyfox 1Jfinal Cms Apr 29, 2026 Jun 16, 2025 2.1 LOW· v4 8.8 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request...Show more A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-53477 1Jflyfox 1Jfinal Cms Nov 25, 2025 Dec 2, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java
CVE-2023-47503 1Jflyfox 1Jfinal Cms Nov 21, 2024 Nov 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.
CVE-2023-34645 1Jflyfox 1Jfinal Cms Dec 17, 2024 Jun 16, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
CVE-2023-30349 1Jflyfox 1Jfinal Cms Jan 31, 2025 Apr 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
CVE-2023-24747 1Jflyfox 1Jfinal Cms Feb 13, 2025 Apr 5, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.
CVE-2023-22975 1Jflyfox 1Jfinal Cms Nov 21, 2024 Feb 3, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.
CVE-2022-37202 1Jflyfox 1Jfinal Cms May 7, 2025 Oct 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list
CVE-2022-37208 1Jflyfox 1Jfinal Cms May 15, 2025 Oct 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVE-2022-37209 1Jflyfox 1Jfinal Cms May 22, 2025 Sep 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVE-2022-37205 1Jflyfox 1Jfinal Cms May 28, 2025 Sep 20, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVE-2022-37204 1Jflyfox 1Jfinal Cms May 27, 2025 Sep 20, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Final CMS 5.1.0 is vulnerable to SQL Injection.
CVE-2022-37203 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVE-2022-37201 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 15, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVE-2022-37207 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 15, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection
CVE-2022-38286 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
CVE-2022-38285 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.
CVE-2022-38284 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.
CVE-2022-38283 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.
CVE-2022-38282 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.

12 3 Next