CVE-2022-37203

Опубликовано: 19 сент. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

Ссылки

https://github.com/AgainstTheLight/CVE-2022-37203/blob/main/README.md
Third Party Advisory
https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql3.md
Exploit
Third Party Advisory
https://github.com/AgainstTheLight/CVE-2022-37203/blob/main/README.md
Third Party Advisory
https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql3.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jflyfox:jfinal_cms:5.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01051

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-hqvp-grxx-fxfg