So4M

#2204of 53,624
108Total CVSS
Vulnerabilities · 15
High
15
PT-2022-24326
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38272
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/article/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue.
PT-2022-24327
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38273
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/article/list approve" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24328
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38274
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/comment/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue.
PT-2022-24329
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38275
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/contact/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue.
PT-2022-24330
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38276
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/foldernotice/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue.
PT-2022-24331
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38277
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/folderrollpicture/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24332
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38278
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/friendlylink/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24333
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38279
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "/admin/imagealbum/list" API endpoint. This allows for potential unauthorized access to sensitive data. **Recommendations** For JFinal CMS version 5.1.0, consider restricting access to the "/admin/imagealbum/list" endpoint until a patch is available. As a temporary workaround, avoid using sensitive queries in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24335
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38280
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "/admin/image/list" API endpoint. This allows for potential unauthorized access to sensitive data. **Recommendations** For JFinal CMS version 5.1.0, consider restricting access to the "/admin/image/list" endpoint until a patch is available. As a temporary workaround, review and limit the use of user-input data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24336
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38281
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "/admin/site/list" API endpoint. This allows for potential unauthorized access to sensitive data. **Recommendations** For JFinal CMS version 5.1.0, consider restricting access to the "/admin/site/list" endpoint until a patch is available. As a temporary workaround, review and limit the use of user-input data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24337
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38282
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/videoalbum/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24338
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38283
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/admin/video/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue.
PT-2022-24339
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38284
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue allows for SQL Injection via the "/system/department/list" API endpoint. **Recommendations** For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue.
PT-2022-24340
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38285
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue is related to SQL Injection, which can be exploited via the `/system/menu/list` API endpoint. This allows for potential unauthorized access to sensitive data. **Recommendations** For JFinal CMS version 5.1.0, as a temporary workaround, consider restricting access to the `/system/menu/list` API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24341
7.2
2022-09-09
Jfinalcms · Jfinalcms · CVE-2022-38286
**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** The issue is related to SQL Injection, which can be exploited via the `/system/role/list` API endpoint. This allows for potential unauthorized access to sensitive data. **Recommendations** For JFinal CMS version 5.1.0, as a temporary workaround, consider restricting access to the `/system/role/list` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.