Shodan
Vulnerabilities
Vulnerable Software
Jflyfox:  >> Jfinal Cms  Security Vulnerabilities
CVE-2022-27111
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-11
CVE-2021-46087
In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-01-25
CVE-2021-37262
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-12-16
CVE-2021-40639
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-15
CVE-2020-19148
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-09-15
CVE-2020-19150
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.
CVSS Score
8.1
EPSS Score
0.006
Published
2021-09-15
CVE-2020-19151
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
CVSS Score
8.8
EPSS Score
0.017
Published
2021-09-15
CVE-2020-19154
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-09-15
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.
CVSS Score
8.8
EPSS Score
0.032
Published
2021-09-15
CVE-2020-19146
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved