Description

JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.

Remediation

References

https://gitee.com/heyewei/JFinalcms/issues/I7WGC6

Related Vulnerabilities

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee8:jetty-ee8-servlets

CVE-2023-26479 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-parser

CVE-2022-24197 Vulnerability in maven package com.itextpdf:itext7-core

CVE-2021-23337 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash

CVE-2020-7601 Vulnerability in npm package gulp-scss-lint

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Issue Tracking Third Party Advisory