CVE-2024-12350

Name of the Vulnerable Software and Affected Versions JFinalCMS version 1.0

Description The issue is related to incorrect code generation management in the Template Handler component of the JFinalCMS system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. The vulnerability affects the update function of the Template Handler component, specifically the manipulation of the content argument, leading to command injection. The attack can be launched remotely.

Recommendations For JFinalCMS version 1.0, as a temporary workaround, consider disabling the update function of the Template Handler component until a patch is available. Restrict access to the Template Handler component to minimize the risk of exploitation. Avoid using the content argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.