37208

CVE-2022-37208

[Suggested description] JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

[Additional Information] https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql5.md

[Vulnerability Type] SQL Injection

[Vendor of Product] the development group

[Affected Product Code Base] https://github.com/jflyfox/jfinal_cms - JFinal CMS 5.1.0

[Affected Component] These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection

[Attack Type] Remote

[Impact Code execution] true

[Impact Information Disclosure] true

[Attack Vectors] User login is required

[Reference] https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql5.md

[Discoverer] jw5t

Use CVE-2022-37208.

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LICENSE

LICENSE

README.md

README.md

Repository files navigation

37208

About

Releases

Packages

License

AgainstTheLight/CVE-2022-37208

Folders and files

Latest commit

History

LICENSE

LICENSE

README.md

README.md

Repository files navigation

37208

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Packages