Jflyfox

jflyfox

51 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Jfinal Cms

jfinal_cms

51 CVEs

CVEs (51)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-38281 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.
CVE-2022-38280 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.
CVE-2022-38279 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.
CVE-2022-38278 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.
CVE-2022-38277 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.
CVE-2022-38276 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.
CVE-2022-38275 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
CVE-2022-38274 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.
CVE-2022-38273 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.
CVE-2022-38272 1Jflyfox 1Jfinal Cms Nov 21, 2024 Sep 9, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
CVE-2022-36527 1Jflyfox 1Jfinal Cms Nov 21, 2024 Aug 25, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
CVE-2022-37223 1Jflyfox 1Jfinal Cms Nov 21, 2024 Aug 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
CVE-2022-37199 1Jflyfox 1Jfinal Cms Nov 21, 2024 Aug 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
CVE-2022-34928 1Jflyfox 1Jfinal Cms Nov 21, 2024 Aug 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
CVE-2022-33114 1Jflyfox 1Jfinal Cms Nov 21, 2024 Jun 23, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
CVE-2022-33113 1Jflyfox 1Jfinal Cms Nov 21, 2024 Jun 23, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.
CVE-2022-29648 1Jflyfox 1Jfinal Cms Nov 21, 2024 Jun 2, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
CVE-2022-30500 1Jflyfox 1Jfinal Cms Nov 21, 2024 May 26, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Jfinal cms 5.1.0 is vulnerable to SQL Injection.
CVE-2021-42242 1Jflyfox 1Jfinal Cms Nov 21, 2024 May 5, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.
CVE-2022-28505 1Jflyfox 1Jfinal Cms Nov 21, 2024 May 3, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.

Previous 123 Next