Arbitrary File Read Vulnerability in jfinal CMS by JFlyFox
CVE-2023-34645

7.5HIGH

Key Information:

Vendor: Jflyfox
Status: Jfinal Cms
Vendor: CVE Published:; 16 June 2023

What is CVE-2023-34645?

The arbitrary file read vulnerability in jfinal CMS version 5.1.0 allows an attacker to access sensitive files on the server. This can lead to exposure of confidential information and server misconfigurations. It's crucial for users to assess their installations and apply necessary patches to mitigate potential risks associated with this vulnerability.

References

https://github.com/jflyfox/jfinal_cms/issues/57

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2023
Vulnerability Reserved
Jun 7, 2023

CVE-2023-34645 Data

JSON

Jflyfox

What is CVE-2023-34645?

References

CVSS V3.1

Timeline