SQL Injection Vulnerability in JFinalCMS File Content Handler
CVE-2024-12351
8.8 HIGH
What is CVE-2024-12351?
A significant SQL injection vulnerability has been identified in JFinalCMS version 1.0, specifically within the findPage function located in the ContentModel class. This vulnerability arises from improper handling of user-supplied input within the File Content Handler component. An attacker can exploit this vulnerability remotely by manipulating the argument name, allowing unauthorized access to the database and potential data leaks. This poses a severe security risk to any deployed instance of JFinalCMS, necessitating immediate attention and remediation.

Affected Version(s)
JFinalCMS 1.0
