CVE-2023-0758

Name of the Vulnerable Software and Affected Versions glorylion JFinalOA version 1.0.2

Description A critical issue affects the processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java, where the manipulation of the id argument leads to sql injection. The attack can be initiated remotely.

Recommendations For glorylion JFinalOA version 1.0.2, consider restricting access to the SysOrg.java file and avoid using the id argument in the affected processing until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.