PT-2021-22937 · Jfinalcms · Jfinalcms

E0Mljao

Published

2021-09-15

Updated

2022-07-12

CVE-2021-40639

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jfinal CMS version 5.1.0

Description The issue is related to improper access control, allowing attackers to access sensitive information. This can be done via the "/classes/conf/db.properties" and "config=filemanager.config.js" parameters.

Recommendations For Jfinal CMS version 5.1.0, consider restricting access to the "/classes/conf/db.properties" and "config=filemanager.config.js" parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-668

Related Identifiers

CVE-2021-40639

Affected Products

Jfinalcms

PT-2021-22937 · Jfinalcms · Jfinalcms

CVE-2021-40639

Weakness Enumeration

Related Identifiers

Affected Products

References · 8