exploitDog

GHSA-75x9-5mr4-583v

Опубликовано: 30 янв. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.

Ссылки

EPSS

Процентиль: 38%

0.00167

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2024-57665

CVSS3: 9.8

nvd

около 1 года назад

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.

EPSS

Процентиль: 38%

0.00167

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89