CVE-2024-12351 | JFinalCMS 1.0 File Content ContentModel.java findPage name sql injection

Posted by Angelo Barbosa | Dec 8, 2024 | CVE

A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file srcmainjavacomcmsentityContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-12351. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2024-12351 | JFinalCMS 1.0 File Content ContentModel.java findPage name sql injection

Related Posts

CVE-2024-28091 | Technicolor TC8715D 01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T User Defined Service managed_services_add.asp cross site scripting

CVE-2024-35670 | SoftLab Integrate Google Drive Plugin up to 1.3.93 on WordPress improper authentication

CVE-2024-23279 | Apple macOS up to 14.3 access control (HT214084)

CVE-2024-49267 | nayon46 Unlimited Addon for Elementor Plugin up to 2.0.0 on WordPress cross site scripting