Description
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
Remediation
References
https://gitee.com/heyewei/JFinalcms/issues/I7WGC6
Related Vulnerabilities
CVE-2020-25649 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-7699 Vulnerability in npm package express-fileupload
CVE-2017-16116 Vulnerability in maven package org.webjars.npm:string
CVE-2020-28502 Vulnerability in maven package org.webjars.npm:xmlhttprequest
CVE-2021-41151 Vulnerability in npm package @backstage/plugin-scaffolder-backend