Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jfinalcms
(Jfinalcms_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-05 | CVE-2023-49396 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save. | Jfinalcms | 8.8 | ||
| 2023-12-05 | CVE-2023-49397 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. | Jfinalcms | 8.8 | ||
| 2023-12-05 | CVE-2023-49446 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. | Jfinalcms | 8.8 | ||
| 2023-12-05 | CVE-2023-49447 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. | Jfinalcms | 8.8 | ||
| 2023-12-05 | CVE-2023-49448 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. | Jfinalcms | 8.8 | ||
| 2023-09-19 | CVE-2023-41599 | An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. | Jfinalcms | 5.3 | ||
| 2022-04-22 | CVE-2022-27341 | JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. | Jfinalcms | 9.8 |