Description
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
Remediation
References
https://gitee.com/heyewei/JFinalcms/issues/I7WGC6
Related Vulnerabilities
CVE-2016-10735 Vulnerability in maven package ua.mobius.media:bootstrap
CVE-2020-11072 Vulnerability in npm package slpjs
CVE-2021-38542 Vulnerability in maven package org.apache.james:james-server
CVE-2021-4264 Vulnerability in maven package org.webjars:dustjs-linkedin
CVE-2023-24163 Vulnerability in maven package cn.hutool:hutool-all