SQL Injection Vulnerability in JFinal CMS by JFinal
CVE-2022-37209
Key Information:
- Vendor
Jflyfox
- Status
- Vendor
- CVE Published:
- 27 September 2022
Badges
What is CVE-2022-37209?
JFinal CMS version 5.1.0 is subject to an SQL Injection vulnerability due to inadequate filtering and distinct SQL concatenation methods across its interfaces. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. Proper sanitization and unified SQL handling principles are necessary to mitigate this security risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
Vulnerability published
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability Reserved