CVE-2024-2568

Name of the Vulnerable Software and Affected Versions heyewei JFinalCMS version 5.0.0

Description A critical issue has been found in the Custom Data Page component, specifically affecting an unknown functionality of the file "/admin/div data/delete?divId=9". This issue leads to sql injection and can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For version 5.0.0, consider disabling access to the "/admin/div data/delete?divId=9" endpoint until a patch is available. Restricting the use of the Custom Data Page component may also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.