Jfinalcms Project Jfinalcms vulnerabilities
39 known vulnerabilities affecting jfinalcms_project/jfinalcms.
Total CVEs: 39
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 22, MEDIUM 15
Vulnerabilities
Page 1 of 2
CVE-2023-41599 | P2 | MEDIUM | CVSS 5.3 | CWE-22 | Exploited | PoC | v5.0.0 | 2023-09-19
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.
nvd
CVE-2022-27341 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v2.0 | 2022-04-22
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
nvd
CVE-2024-24029 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v5.0.0 | 2024-02-02
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
nvd
CVE-2024-40322 | P3 | HIGH | CVSS 8.8 | CWE-89 | v5.0.0 | 2024-07-16
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data.
nvd
CVE-2023-50449 | P3 | HIGH | CVSS 7.5 | CWE-22 | v5.0.0 | 2023-12-10
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
nvd
CVE-2024-24375 | P3 | HIGH | CVSS 7.5 | CWE-89 | v5.0.0 | 2024-03-07
SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter.
nvd
CVE-2023-49373 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
nvd
CVE-2023-49376 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
nvd
CVE-2023-49379 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
nvd
CVE-2023-49377 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
nvd
CVE-2023-49383 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
nvd
CVE-2023-49380 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.
nvd
CVE-2023-49448 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
nvd
CVE-2023-49398 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
nvd
CVE-2023-49382 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.
nvd
CVE-2023-49378 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
nvd
CVE-2023-49446 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
nvd
CVE-2023-49375 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
nvd
CVE-2023-49395 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
nvd
CVE-2023-49397 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
nvd