
AgainstTheLight/CVE-2022-37205

CVE-2022-37205

CVE-2022-37205 POC

[Suggested description] ** RESERVED ** JFinal CMS 5.1.0 is affected by: SQL Injection. The affected interfaces do not share a common component and have no input filters; each one builds its SQL with its own string concatenation, resulting in SQL injection.


[Additional Information] https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql8.md


[Vulnerability Type] SQL Injection


[Vendor of Product] the development group


[Affected Product Code Base] https://github.com/jflyfox/jfinal_cms - JFinal CMS 5.1.0


[Affected Component] The affected interfaces do not share a common component and have no input filters; each one builds its SQL with its own string concatenation, resulting in SQL injection.


[Attack Type] Remote


[Impact Code execution] true


[Impact Information Disclosure] true


[Attack Vectors] User login is required


[Reference] https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql8.md


[Discoverer] jw5t

Use CVE-2022-37205.
