VYPR

JFinalOA

by glorylion

CVEs (2)

  • CVE-2021-40645MedMar 30, 2022
    risk 0.42cvss 6.5epss 0.01

    An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.

  • CVE-2023-0758MedFeb 9, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be…