Submit #548985: jfinal <=5.2.4 Absolute Path Traversalinfo

Titlejfinal <=5.2.4 Absolute Path Traversal
Descriptionenjoy template rendering does not have path control, resulting in arbitrary file reading, because jfinal has built-in enjoy engine, so when the jfinal template is controlled, arbitrary file reading will occur
Source⚠️ https://github.com/Q16G/cve_detail/blob/main/jfinal/jfinal_enjoy_file_read.md
User
 760046475 (UID 82919)
Submission04/02/2025 04:52 (1 Year ago)
Moderation04/03/2025 15:22 (1 day later)
StatusAccepted
VulDB entry303169 [JFinal CMS up to 5.2.4 /readTemplate engine.getTemplate template path traversal]
Points16

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!