Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-37223 Vulnerability in maven package com.jflyfox:jflyfox_jfinal

Description

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.

Remediation

References

https://github.com/jflyfox/jfinal_cms/issues/49

Related Vulnerabilities

CVE-2021-41184 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bcprov-jdk18on

CVE-2021-4329 Vulnerability in maven package org.webjars.npm:json-logic-js

CVE-2022-24999 Vulnerability in maven package org.webjars.npm:qs

CVE-2020-26259 Vulnerability in maven package com.thoughtworks.xstream:xstream

Severity

Critical

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory