CVE-2022-37203

Description

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

Related CPE's

ajflyfoxjfinal_cms5.1.0*******

References

https://github.com/AgainstTheLight/CVE-2022-37203/blob/main/README.md

Third Party Advisory

https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql3.md

ExploitThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io