CVE-2024-12350 | JFinalCMS 1.0 Template TemplateController.java update content command injection

Posted by Angelo Barbosa | Dec 8, 2024 | CVE

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file srcmainjavacomcmscontrolleradminTemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection.

This vulnerability is handled as CVE-2024-12350. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-12350 | JFinalCMS 1.0 Template TemplateController.java update content command injection

Related Posts

CVE-2023-50488 | Blurams Lumi Security Camera 23.0406.435.4120 Privilege Escalation

CVE-2024-20384 | Cisco ASA/Firepower Threat Defense Software NSG authentication spoofing (cisco-sa-asaftd-nsgacl-bypass-77XnEAsL)

CVE-2023-6308 | Xiamen Four-Faith Video Surveillance Management System 2016/2017 Apache Struts unrestricted upload

CVE-2024-9351 | Forminator Forms Plugin up to 1.35.1 on WordPress Draft Quiz Creation cross-site request forgery