Skip to main content

Jfinal Cms

42 CVEs product

Monthly

CVE-2026-11473 MEDIUM This Month

SQL injection in jflyfox jfinal_cms through version 5.1.0 exposes database contents to remote, low-privileged attackers via an unsanitized `orderBy` parameter in the `list` function of `AdvicefeedbackController.java`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-reachable exploitation requiring only a low-privileged account, with limited but real confidentiality, integrity, and availability impact. The project was notified via GitHub issue #62 but has not responded, and no vendor-released patch exists at time of analysis. No public exploit code or confirmed active exploitation has been identified.

SQLi Jfinal Cms
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-53477 CRITICAL Act Now

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-47503 CRITICAL POC Act Now

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-34645 HIGH POC This Week

jfinal CMS 5.1.0 has an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Jfinal Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-30349 Maven CRITICAL POC Act Now

JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-24747 MEDIUM This Month

Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22975 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37202 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-37208 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-37209 HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-37205 HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-37204 CRITICAL POC Act Now

Final CMS 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37203 CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37201 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-37207 HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-38286 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38285 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38284 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38283 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38282 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38281 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38280 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38279 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38278 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38277 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38276 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38275 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38274 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38273 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38272 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-36527 Maven MEDIUM POC This Month

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37223 Maven CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37199 Maven CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34928 HIGH POC This Week

JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-33114 HIGH POC This Week

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33113 Maven MEDIUM POC This Month

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29648 Maven MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30500 Maven CRITICAL POC Act Now

Jfinal cms 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28505 HIGH POC This Week

Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-27111 MEDIUM POC This Month

Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-37262 HIGH PATCH This Week

JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jfinal Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-40639 HIGH POC This Week

Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jfinal Cms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.4%
EPSS 0% CVSS 5.3
MEDIUM This Month

SQL injection in jflyfox jfinal_cms through version 5.1.0 exposes database contents to remote, low-privileged attackers via an unsanitized `orderBy` parameter in the `list` function of `AdvicefeedbackController.java`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-reachable exploitation requiring only a low-privileged account, with limited but real confidentiality, integrity, and availability impact. The project was notified via GitHub issue #62 but has not responded, and no vendor-released patch exists at time of analysis. No public exploit code or confirmed active exploitation has been identified.

SQLi Jfinal Cms
NVD VulDB GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jfinal Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

jfinal CMS 5.1.0 has an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Jfinal Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jfinal Cms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jfinal Cms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Final CMS 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Jfinal cms 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jfinal Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jfinal Cms
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy