Описание
Duplicate Advisory: Arbitrary code execution in jfinal CMS
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-8qhm-ch8h-xgjr. This link is maintained to preserve external references.
Original Description
Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.
Пакеты
Наименование
com.jflyfox:jflyfox_jfinal
maven
Затронутые версииВерсия исправления
<= 5.1.0
Отсутствует
CVE ID
Связанные уязвимости
nvd
почти 3 года назад
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-26813. Reason: This record is a reservation duplicate of CVE-2023-26813. Notes: All CVE users should reference CVE-2023-26813 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.