CVE-2024-57665

Name of the Vulnerable Software and Affected Versions JFinalCMS version 1.0

Description The issue is related to SQL Injection in the Content.java file. The cause of the problem is that the title parameter is controllable and is concatenated directly into filterSql without filtering. This allows for potential SQL Injection attacks.

Recommendations For JFinalCMS version 1.0, as a temporary workaround, consider filtering the title parameter to prevent SQL Injection attacks. Restrict access to the Content.java file to minimize the risk of exploitation. Avoid using the title parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.