Product
jflyfox jfinal cms
101 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-2200 (all versions): A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the c
CVE-2025-6105 (all versions): A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code
CVE-2024-57665 (all versions): JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that t
CVE-2024-12351 (all versions): A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\ja
CVE-2024-12350 (all versions): A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the fi
CVE-2024-12349 (all versions): A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown func
CVE-2024-53477 (all versions): JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java.
CVE-2024-8782 (<= 1.0): A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the fil
CVE-2024-8706 (< 20240903): A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of
CVE-2024-8694 (< 20240903): A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of t
CVE-2024-40322 (all versions): An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data
CVE-2024-5379 (< 20240111): A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processin
CVE-2024-5310 (< 20221020): A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /ad
CVE-2023-51254 (all versions): Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to
CVE-2024-2568 (all versions): A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown
CVE-2024-24375 (all versions): SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name pa
CVE-2024-24029 (all versions): JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
CVE-2024-22497 (all versions): Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary c
CVE-2024-22496 (all versions): Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username p
CVE-2024-22494 (all versions): A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to in
CVE-2024-22493 (all versions): A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to i
CVE-2024-22492 (all versions): A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to i
CVE-2023-50136 (all versions): Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creatin
CVE-2023-50137 (all versions): JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
CVE-2023-50102 (all versions): JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-50101 (all versions): JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
CVE-2023-50100 (all versions): JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
CVE-2023-50449 (all versions): JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter
CVE-2023-49487 (all versions): JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
CVE-2023-49486 (all versions): JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
CVE-2023-49485 (all versions): JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
CVE-2023-49448 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
CVE-2023-49447 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
CVE-2023-49446 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
CVE-2023-49398 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
CVE-2023-49397 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
CVE-2023-49396 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
CVE-2023-49395 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
CVE-2023-49383 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
CVE-2023-49382 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.
CVE-2023-49381 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.
CVE-2023-49380 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.
CVE-2023-49379 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/
CVE-2023-49378 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
CVE-2023-49377 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
CVE-2023-49376 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
CVE-2023-49375 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
CVE-2023-49374 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
CVE-2023-49373 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
CVE-2023-49372 (all versions): JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
CVE-2023-47503 (all versions): An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp com
CVE-2023-41599 (all versions): An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.
CVE-2023-34645 (all versions): jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
CVE-2023-30349 (all versions): JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
CVE-2023-24747 (all versions): Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.
CVE-2023-22975 (all versions): A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a cr
CVE-2022-37202 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list.
CVE-2022-37208 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but eac
CVE-2022-37209 (all versions): JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each
CVE-2022-37205 (all versions): JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each
CVE-2022-37204 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVE-2022-37203 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but eac
CVE-2022-37201 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVE-2022-37207 (all versions): JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each
CVE-2022-38286 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
CVE-2022-38285 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.
CVE-2022-38284 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.
CVE-2022-38283 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.
CVE-2022-38282 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.
CVE-2022-38281 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.
CVE-2022-38280 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.
CVE-2022-38279 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.
CVE-2022-38278 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.
CVE-2022-38277 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.
CVE-2022-38276 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.
CVE-2022-38275 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
CVE-2022-38274 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.
CVE-2022-38273 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.
CVE-2022-38272 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
CVE-2022-36527 (all versions): Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title tex
CVE-2022-37223 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
CVE-2022-37199 (all versions): JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
CVE-2022-34928 (all versions): JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
CVE-2022-33114 (all versions): Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/lis
CVE-2022-33113 (all versions): Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text f
CVE-2022-29648 (all versions): A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a cr
CVE-2022-30500 (all versions): Jfinal cms 5.1.0 is vulnerable to SQL Injection.
CVE-2021-42242 (all versions): A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.
CVE-2022-28505 (all versions): Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
CVE-2022-27341 (all versions): JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
CVE-2022-27111 (all versions): Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute
CVE-2021-46087 (>= 5.1.0): In jfinal_cms >= 5.1.0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the
CVE-2021-37262 (all versions): JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
CVE-2021-40639 (all versions): Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&confi
CVE-2020-19155 (<= 4.7.1): Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute ar
CVE-2020-19154 (<= 4.7.1): Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileMana
CVE-2020-19151 (<= 4.7.1): Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML
CVE-2020-19150 (<= 4.7.1): Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial
CVE-2020-19148 (<= 4.7.1): Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' p
CVE-2020-19147 (<= 4.7.1): Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolde
CVE-2020-19146 (<= 4.7.1): Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'Template