PT-2023-20805 · Jfinalcms · Jfinalcms
Published: 2023-04-28 · Updated: 2023-05-02 · CVE-2023-26812
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
jfinal CMS version 5.1.0
Description
A command execution issue in the ActionEnter class of jfinal CMS allows attackers to execute arbitrary code via a crafted JSON file sent to the ueditor route.
Recommendations
For jfinal CMS version 5.1.0, consider disabling the ActionEnter class or restricting access to the ueditor route until a patch is available.
Affected Products
Jfinalcms