Jfinal CMS 5.1.0 list attrVal sql injection

A vulnerability was found in Jfinal CMS 5.1.0 (Content Management System). It has been classified as critical. Affected is an unknown code of the file /jfinal_cms/system/dict/list. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

021
120

Field

exploit_price_0day1
vulnerability_cvss3_meta_tempscore1
vulnerability_cvss3_meta_basescore1
vulnerability_cvss3_vuldb_tempscore1
vulnerability_cvss3_vuldb_basescore1

Commit Conf

90%29
50%12

Approve Conf

90%29
80%12
IDCommitedUserFieldChangeRemarksAcceptedReasonC
1264349206/23/2022VulD...price_0day$0-$5ksee exploit price documentation06/23/2022accepted
90
1264349106/23/2022VulD...cvss3_meta_tempscore6.3see CVSS documentation06/23/2022accepted
90
1264349006/23/2022VulD...cvss3_meta_basescore6.3see CVSS documentation06/23/2022accepted
90
1264348906/23/2022VulD...cvss3_vuldb_tempscore6.3see CVSS documentation06/23/2022accepted
90
1264348806/23/2022VulD...cvss3_vuldb_basescore6.3see CVSS documentation06/23/2022accepted
90
1264348706/23/2022VulD...cvss2_vuldb_tempscore6.5see CVSS documentation06/23/2022accepted
90
1264348606/23/2022VulD...cvss2_vuldb_basescore6.5see CVSS documentation06/23/2022accepted
90
1264348506/23/2022VulD...cvss3_vuldb_rlXderived from historical data06/23/2022accepted
80
1264348406/23/2022VulD...cvss3_vuldb_eXderived from historical data06/23/2022accepted
80
1264348306/23/2022VulD...cvss3_vuldb_prLderived from historical data06/23/2022accepted
80
1264348206/23/2022VulD...cvss2_vuldb_rlNDderived from historical data06/23/2022accepted
80
1264348106/23/2022VulD...cvss2_vuldb_eNDderived from historical data06/23/2022accepted
80
1264348006/23/2022VulD...cvss2_vuldb_auSderived from historical data06/23/2022accepted
80
1264347906/23/2022VulD...cvss2_vuldb_rcCderived from vuldb v3 vector06/23/2022accepted
80
1264347806/23/2022VulD...cvss2_vuldb_aiPderived from vuldb v3 vector06/23/2022accepted
80
1264347706/23/2022VulD...cvss2_vuldb_iiPderived from vuldb v3 vector06/23/2022accepted
80
1264347606/23/2022VulD...cvss2_vuldb_ciPderived from vuldb v3 vector06/23/2022accepted
80
1264347506/23/2022VulD...cvss2_vuldb_acLderived from vuldb v3 vector06/23/2022accepted
80
1264347406/23/2022VulD...cvss2_vuldb_avNderived from vuldb v3 vector06/23/2022accepted
80
1264347306/23/2022VulD...typeContent Management System06/23/2022accepted
90

21 more entries are not shown

Interested in the pricing of exploits?

See the underground prices here!