VYPR

Jfinal CMS

by Jflyfox

CVEs (23)

  • CVE-2026-11473 | Med | Jun 8, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the…

  • CVE-2025-6105 | Med | Jun 16, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit…

  • CVE-2023-47503 | Nov 28, 2023
    risk 0.00 | cvss | epss 0.01

    An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.

  • CVE-2023-34645 | Jun 16, 2023
    risk 0.00 | cvss | epss 0.01

    jfinal CMS 5.1.0 has an arbitrary file read vulnerability.

  • CVE-2023-22975 | Feb 3, 2023
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.

  • CVE-2022-38274 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.

  • CVE-2022-38273 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.

  • CVE-2022-38272 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.

  • CVE-2022-38275 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.

  • CVE-2022-38276 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.

  • CVE-2022-38277 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.

  • CVE-2022-38278 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.

  • CVE-2022-38279 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.

  • CVE-2022-38280 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.

  • CVE-2022-38281 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.

  • CVE-2022-38282 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.

  • CVE-2022-38285 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.

  • CVE-2022-38286 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.

  • CVE-2022-33114 | Jun 23, 2022
    risk 0.00 | cvss | epss 0.01

    Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.

  • CVE-2021-42242 | May 5, 2022
    risk 0.00 | cvss | epss 0.02

    A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.

Page 1 of 2