Filtered by vendor Jfinalcms Project
Subscriptions
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49373 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete. | ||||
| CVE-2023-49372 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save. | ||||
| CVE-2023-41599 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | 5.3 Medium |
| An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. | ||||
| CVE-2022-27341 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | 9.8 Critical |
| JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. | ||||
| CVE-2024-8782 | 2 Heyewei, Jfinalcms Project | 2 Jfinalcms, Jfinalcms | 2024-09-19 | 6.3 Medium |
| A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||