CVE-2024-24029

Name of the Vulnerable Software and Affected Versions JFinalCMS version 5.0.0

Description The issue is related to SQL injection via the "/admin/content/data" API endpoint. This allows for potential data manipulation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For JFinalCMS version 5.0.0, consider restricting access to the "/admin/content/data" API endpoint until a patch is available. Avoid using sensitive data in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.