Description
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
Remediation
References
https://gitee.com/heyewei/JFinalcms/issues/I7WGC6
Related Vulnerabilities
CVE-2018-3739 Vulnerability in maven package org.webjars.npm:https-proxy-agent
CVE-2022-0235 Vulnerability in npm package node-fetch
CVE-2019-10785 Vulnerability in maven package org.webjars.npm:dojox
CVE-2019-10787 Vulnerability in npm package im-resize
CVE-2020-12642 Vulnerability in maven package com.epam.reportportal:service-api