CVE-2020-19151

Name of the Vulnerable Software and Affected Versions: Jfinal CMS versions 4.7.1 and earlier

Description: The issue allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal cms/admin/filemanager/list'.

Recommendations: For Jfinal CMS versions 4.7.1 and earlier, consider restricting access to the 'jfinal cms/admin/filemanager/list' component to minimize the risk of exploitation. As a temporary workaround, avoid using the file upload feature in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.