Description
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
Remediation
References
https://gitee.com/heyewei/JFinalcms/issues/I7WGC6
Related Vulnerabilities
CVE-2023-50578 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2020-2157 Vulnerability in maven package org.jenkins-ci.plugins:skytap
CVE-2021-23447 Vulnerability in npm package teddy
CVE-2020-26870 Vulnerability in maven package org.webjars.bower:dompurify
CVE-2021-3856 Vulnerability in maven package org.keycloak:keycloak-services