Jflyfox
Products
1- 23 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47503 | | Critical | 0.64 | 9.8 | 0.01 | | Nov 28, 2023 | An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. |
| CVE-2021-42242 | | Critical | 0.64 | 9.8 | 0.02 | | May 5, 2022 | A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. |
| CVE-2023-34645 | | High | 0.49 | 7.5 | 0.01 | | Jun 16, 2023 | jfinal CMS 5.1.0 has an arbitrary file read vulnerability. |
| CVE-2022-38286 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. |
| CVE-2022-38285 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. |
| CVE-2022-38282 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. |
| CVE-2022-38281 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. |
| CVE-2022-38280 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. |
| CVE-2022-38279 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. |
| CVE-2022-38278 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list. |
| CVE-2022-38277 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list. |
| CVE-2022-38276 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. |
| CVE-2022-38275 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. |
| CVE-2022-38274 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. |
| CVE-2022-38273 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve. |
| CVE-2022-38272 | | High | 0.47 | 7.2 | 0.01 | | Sep 9, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. |
| CVE-2022-33114 | | High | 0.47 | 7.2 | 0.01 | | Jun 23, 2022 | Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. |
| CVE-2022-28505 | | High | 0.47 | 7.2 | 0.01 | | May 3, 2022 | Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. |
| CVE-2026-11473 | | Medium | 0.41 | 6.3 | 0.00 | | Jun 8, 2026 | A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the… |
| CVE-2023-22975 | | Medium | 0.40 | 6.1 | 0.00 | | Feb 3, 2023 | A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html. |