VYPR

Jfinal

by Jfinal

Source repositories

CVEs (23)

  • CVE-2020-19151Sep 15, 2021
    risk 0.00cvss epss 0.05

    Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.

  • CVE-2020-19150Sep 15, 2021
    risk 0.00cvss epss 0.03

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.

  • CVE-2020-19147Sep 15, 2021
    risk 0.00cvss epss 0.02

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.

Page 2 of 2