SQL Injection Vulnerability in JFinal CMS by JFlyFox
CVE-2022-38276

7.2HIGH

Key Information:

Vendor

Jflyfox

Status
Jfinal Cms
Vendor
CVE Published:
9 September 2022

What is CVE-2022-38276?

JFinal CMS version 5.1.0 contains a security flaw that allows attackers to exploit an SQL injection vulnerability through the /admin/foldernotice/list endpoint. This flaw could allow unauthorized access to sensitive data and the potential execution of arbitrary SQL commands, posing a significant security risk for users and organizations utilizing this content management system.

References

https://github.com/jflyfox/jfinal_cms/issues/51
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.