CVE-2023-50449

Name of the Vulnerable Software and Affected Versions JFinalCMS version 5.0.0

Description The issue allows a remote attacker to read files via ../ Directory Traversal in the "/common/down/file" fileKey parameter. This could potentially lead to unauthorized access to sensitive information.

Recommendations For JFinalCMS version 5.0.0, as a temporary workaround, consider restricting access to the "/common/down/file" endpoint until a patch is available. Avoid using the fileKey parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.