Jfinalcms Project

jfinalcms_project

39 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (39)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49446 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
CVE-2023-49398 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
CVE-2023-49397 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
CVE-2023-49396 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
CVE-2023-49395 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
CVE-2023-49383 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
CVE-2023-49382 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.
CVE-2023-49381 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.
CVE-2023-49380 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.
CVE-2023-49379 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
CVE-2023-49378 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
CVE-2023-49377 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
CVE-2023-49376 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
CVE-2023-49375 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
CVE-2023-49374 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
CVE-2023-49373 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
CVE-2023-49372 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
CVE-2023-41599 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Sep 19, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.
CVE-2022-27341 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Apr 22, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.