Description

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.

Remediation

References

https://github.com/jflyfox/jfinal_cms/issues/48

Related Vulnerabilities

CVE-2021-23460 Vulnerability in npm package min-dash

CVE-2022-41713 Vulnerability in npm package deep-object-diff

CVE-2020-27885 Vulnerability in maven package org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature

CVE-2022-22969 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth2

CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on

Severity

Critical

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory