VYPR
Vendor: Jflyfox

Products: 1
CVEs: 23
Across products: 23
Status: Private

Recent CVEs
  • CVE-2023-47503 (Critical, Nov 28, 2023)
    risk 0.64, CVSS 9.8, EPSS 0.01

    An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.

  • CVE-2021-42242 (Critical, May 5, 2022)
    risk 0.64, CVSS 9.8, EPSS 0.02

    A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.

  • CVE-2023-34645 (High, Jun 16, 2023)
    risk 0.49, CVSS 7.5, EPSS 0.01

    jfinal CMS 5.1.0 has an arbitrary file read vulnerability.

  • CVE-2022-38286 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.

  • CVE-2022-38285 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.

  • CVE-2022-38282 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.

  • CVE-2022-38281 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.

  • CVE-2022-38280 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.

  • CVE-2022-38279 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.

  • CVE-2022-38278 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.

  • CVE-2022-38277 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.

  • CVE-2022-38276 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.

  • CVE-2022-38275 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.

  • CVE-2022-38274 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.

  • CVE-2022-38273 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.

  • CVE-2022-38272 (High, Sep 9, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.

  • CVE-2022-33114 (High, Jun 23, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.

  • CVE-2022-28505 (High, May 3, 2022)
    risk 0.47, CVSS 7.2, EPSS 0.01

    Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.

  • CVE-2026-11473 (Medium, Jun 8, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the…

  • CVE-2023-22975 (Medium, Feb 3, 2023)
    risk 0.40, CVSS 6.1, EPSS 0.00

    A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.