
N1Ce759

#18421 of 53,630
14.7 Total CVSS
Vulnerabilities · 2
High
2
PT-2022-19057
7.2
2022-05-03
Jfinalcms · Jfinalcms · CVE-2022-28505
**Name of the Vulnerable Software and Affected Versions**
Jfinal cms version 5.1.0

**Description**
The issue concerns SQL Injection via the `com.jflyfox.system.log.LogController.java` file. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

**Recommendations**
For Jfinal cms version 5.1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2022-17757
7.5
2022-03-28
74Cmsse · 74Cmsse · CVE-2022-26271
**Name of the Vulnerable Software and Affected Versions**
74cmsSE version 3.4.1

**Description**
The issue allows for an arbitrary file read via the `url` parameter at the indexcontrollerDownload.php endpoint.

**Recommendations**
For 74cmsSE version 3.4.1, avoid using the `url` parameter in the indexcontrollerDownload.php endpoint until the issue is resolved. Consider restricting access to the Download.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.