Jwillber

**Name of the Vulnerable Software and Affected Versions** JFinalCMS version 1.0 **Description** A critical vulnerability has been found in the function `findPage` of the file `srcmainjavacomcmsentityContentModel.java` of the component File Content Handler. The manipulation of the argument `name` leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For JFinalCMS version 1.0, as a temporary workaround, consider disabling the `findPage` function until a patch is available. Restrict access to the File Content Handler component to minimize the risk of exploitation. Avoid using the `name` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JFinalCMS version 1.0 **Description** The issue is related to a cross-site request forgery (CSRF) vulnerability in the /admin/tag/save file of the JFinalCMS system. This vulnerability can be exploited remotely, allowing an attacker to perform a CSRF attack. The exploit has been disclosed to the public and may be used. **Recommendations** For JFinalCMS version 1.0, as a temporary workaround, consider disabling access to the /admin/tag/save file until a patch is available. Restrict access to the administrative panel to minimize the risk of exploitation. Avoid using the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JFinalCMS version 1.0 **Description** The issue is related to incorrect code generation management in the Template Handler component of the JFinalCMS system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. The vulnerability affects the update function of the Template Handler component, specifically the manipulation of the `content` argument, leading to command injection. The attack can be launched remotely. **Recommendations** For JFinalCMS version 1.0, as a temporary workaround, consider disabling the update function of the Template Handler component until a patch is available. Restrict access to the Template Handler component to minimize the risk of exploitation. Avoid using the `content` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.